aundroid (OP)
Legendary
Offline
Activity: 1232
Merit: 1247
|
|
January 13, 2019, 08:49:13 PM Last edit: January 24, 2020, 03:43:10 PM by aundroid Merited by The Cryptovator (5), malevolent (2), Halab (2), DdmrDdmr (2), NeuroticFish (1), jossiel (1), TryNinja (1), Chikito (1), TheBeardedBaby (1), OcTradism (1), leowonderful (1) |
|
This is a tutorial on how to use a Ledger Nano as a security key for a variety of online accounts.
Preview: Ledger Nano and U2F in action1. Start FidoU2F App 2. Navigate to the previously set up online account and log in. 3. Confirm Login on the Ledger 4. Done!
Configure the Ledger as USB Security Key1. Download and install Ledger Live: https://www.ledger.com/pages/ledger-live2. Connect Ledger Wallet to your computer and unlock with PIN 3. Open Manager 4. Install the "Fido U2F" App Set up Google Account1. click 'Security' in your Google Account. 2. activate '2-Step Verification', if not done yet 3. connect Ledger and unlock with PIN 4. Click on 'ADD SECURITY KEY' from the available 2-Step-Verification options. 5. open the FidoU2F app on the ledger and click on continue 6. Click 'yes' on the Ledger when the 'Confirm registration' message appears. 7. Done! Set up Twitter accountTo be able to use U2F, the SMS notifications have to be activated first.1. Open 'Settings and Privacy' 2. click on 'Set up login verification' 3. verify phone number 4. generate and write down backup code (if U2F key is lost) 5. connect ledger and unlock with PIN 6. open the FidoU2F app on the ledger 7. below 'Security key' click on 'Setup' 8. Done! Set up DropboxFirst you have to set up 2FA via SMS or Authenticator App1. log in to dropbox.com. 2. click on the profile picture. 3. select settings. 4. click on the 'Security' tab. 5. under ''Two-step verification' click 'ON 6. select either 'Per SMS' or 'Via mobile app' and complete the process 7. under 'Two-step verification' click the 'Add' button next to 'Security key'. 8. connect ledger, start FidoU2F app 9. click on 'Begin Setup' 10. enter dropbox password 11. Click 'yes' on the Ledger when the 'Confirm registration' message appears. 12. assign name for key 13. Done! Other examples of websites that support U2F are e.g: AWS, Bitfinex, Github & Gitlab, Nextcloud https://www.dongleauth.info offers a list of websites and whether they support Universal 2nd Factor (U2F) or not. Another advantage: The Recovery Seed Phrase serves as a backup, which can also be restored with other hardware wallets! Sources: 1) https://7labs.io/tips-tricks/ledger-wallet-as-usb-security-key.html 2) https://www.dropbox.com/help/security/enable-two-step-verification
|
►►► MY TOPICS ◄◄◄ ➤ Blockchain Basics - FAQ DE ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN ➤ Crypto SCAM - HowTo protect yourself EN ➤ [CHECKLISTE] zur Bewertung von ICOs DE ➤ [Overview] Exchanges, IEOs and their ROIs DE | EN ➤ [Howto] Use Ledger Nano as Security Key DE | EN ➤ [OVERVIEW] Recommended Crypto Telegram Bots DE | EN ➤ [Overview] GUI Miner DE | EN ➤ Activity, Merit und Ranganforderungen im Forum DE ➤ Alternativen zu Piggy's Notification Bot DE ➤ [Howto] Give Bitcoin as a gift DE | EN
|
|
|
bitmover
Legendary
Offline
Activity: 2450
Merit: 6249
bitcoindata.science
|
This is very good and I didn't knew about this u2f. Thanks for sharing, but I think you should have explained what is u2f I made a little research (I never heard of it until today): U2F is an open authentication standard that enables internet users to securely access any number of online services with one single security key instantly and with no drivers or client software needed. FIDO2 is the latest generation of the U2F protocol. U2F was created by Google and Yubico, and support from NXP, with the vision to take strong public key crypto to the mass market. Today, the technical specifications are hosted by the open-authentication industry consortium known as the FIDO Alliance. U2F has been successfully deployed by large scale services, including Facebook, Gmail, Dropbox, GitHub, Salesforce.com, the UK government, and many more. Origin Binding: Defense against Phishing With the YubiKey, user login is bound to the origin, meaning that only the real site can authenticate with the key. The authentication will fail on the fake site even if the user was fooled into thinking it was real. This greatly mitigates against the increasing volume and sophistication of phishing attacks and stops account takeovers. https://www.yubico.com/solutions/fido-u2f/So, to sum up, it's a better 2fa Will read more about it.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3822
Merit: 6553
Looking for campaign manager? Contact icopress!
|
|
January 14, 2019, 10:19:48 AM Last edit: January 14, 2019, 11:11:14 AM by NeuroticFish |
|
OK, from what I understand it's a better 2FA and it also check the web site / web service to be the correct one. What I don't understand: what you do if the Ledger gets broken? For crypto the seed you saved will make sure you get another ledger and get access to your money. Is the same principle available for this 2FA too? (Sorry if this sounds stupid/newbish).
Edit: Thanks @bitmover for the answer/clearup. I've missed that part, shame on me.
|
|
|
|
bitmover
Legendary
Offline
Activity: 2450
Merit: 6249
bitcoindata.science
|
|
January 14, 2019, 10:35:06 AM Last edit: January 14, 2019, 09:52:03 PM by bitmover Merited by NeuroticFish (1) |
|
OK, from what I understand it's a better 2FA and it also check the web site / web service to be the correct one. What I don't understand: what you do if the Ledger gets broken? For crypto the seed you saved will make sure you get another ledger and get access to your money. Is the same principle available for this 2FA too? (Sorry if this sounds stupid/newbish).
I was thinking about this as well. But in the end of the article I read this: So the seed is the backup. You probably don't need a nano to restore it, there must be some other software you can use that does this u2f thing with your keys
|
|
|
|
aundroid (OP)
Legendary
Offline
Activity: 1232
Merit: 1247
|
|
January 14, 2019, 12:11:23 PM |
|
So the seed is the backup. You probably don't need a nano to restore it, there must be some other software you can use that does this u2f thing with your keys
Yes the seed is the backup! It doesn't have to be a nano, but for the recovery you need a hardware wallet which uses the BIP39/BIP44 standard for the recovery phrase and supports U2F. Therefore a Trezor Wallet or a Ledger Blue can also be used.
|
►►► MY TOPICS ◄◄◄ ➤ Blockchain Basics - FAQ DE ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN ➤ Crypto SCAM - HowTo protect yourself EN ➤ [CHECKLISTE] zur Bewertung von ICOs DE ➤ [Overview] Exchanges, IEOs and their ROIs DE | EN ➤ [Howto] Use Ledger Nano as Security Key DE | EN ➤ [OVERVIEW] Recommended Crypto Telegram Bots DE | EN ➤ [Overview] GUI Miner DE | EN ➤ Activity, Merit und Ranganforderungen im Forum DE ➤ Alternativen zu Piggy's Notification Bot DE ➤ [Howto] Give Bitcoin as a gift DE | EN
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2464
Merit: 11035
There are lies, damned lies and statistics. MTwain
|
|
January 14, 2019, 06:37:48 PM |
|
Interesting, but I’m a bit sceptical of using it. The idea of having a hardware wallet is to protect your crypto, and likely you will take care of the device itself and not leave it too handy.
Nevertheless, people log into their Google/Twitter/dropbox Accounts rather frequently, and therefore you will need to have the Ledger device handy (or use one for crypto and another for U2F).
|
|
|
|
leowonderful
Legendary
Offline
Activity: 1624
Merit: 1130
Bitcoin FTW!
|
|
January 14, 2019, 06:41:42 PM |
|
Thank you for this guide! I received one of my first Ledger Nano S wallets about a bit more than a year ago without knowing what the preinstalled Fido U2F application did; I’ll definitely be using this for Google and Twitter. I never knew hardware wallets could also serve as a form of 2FA as well as storing coins up to this point in time, and this may just make me buy another Ledger or two. This may be a bit unrelated, but isn’t U2F also what the Yubikeys use for their version of 2FA? Just remembered those devices while reading through this post. Seems pretty similar to Fido U2F from what I can tell.
|
|
|
|
TryNinja
Legendary
Offline
Activity: 2982
Merit: 7399
Top Crypto Casino
|
|
January 14, 2019, 08:27:02 PM |
|
This may be a bit unrelated, but isn’t U2F also what the Yubikeys use for their version of 2FA? Just remembered those devices while reading through this post. Seems pretty similar to Fido U2F from what I can tell.
Yes. It's basically the same technology (I still think the Yubikey is more convenient, but both work fine).
|
|
|
|
aundroid (OP)
Legendary
Offline
Activity: 1232
Merit: 1247
|
|
January 15, 2019, 09:21:53 AM |
|
Interesting, but I’m a bit sceptical of using it. The idea of having a hardware wallet is to protect your crypto, and likely you will take care of the device itself and not leave it too handy.
Nevertheless, people log into their Google/Twitter/dropbox Accounts rather frequently, and therefore you will need to have the Ledger device handy (or use one for crypto and another for U2F).
Of course I wouldn't want to have the hardware wallet permanently with me, which stores the 'Life Savings'. Just look at it this way: Before you buy a Yubikey you better get a Ledger Nano which can also store your cryptocurrencies safely.
|
►►► MY TOPICS ◄◄◄ ➤ Blockchain Basics - FAQ DE ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN ➤ Crypto SCAM - HowTo protect yourself EN ➤ [CHECKLISTE] zur Bewertung von ICOs DE ➤ [Overview] Exchanges, IEOs and their ROIs DE | EN ➤ [Howto] Use Ledger Nano as Security Key DE | EN ➤ [OVERVIEW] Recommended Crypto Telegram Bots DE | EN ➤ [Overview] GUI Miner DE | EN ➤ Activity, Merit und Ranganforderungen im Forum DE ➤ Alternativen zu Piggy's Notification Bot DE ➤ [Howto] Give Bitcoin as a gift DE | EN
|
|
|
aundroid (OP)
Legendary
Offline
Activity: 1232
Merit: 1247
|
|
January 21, 2019, 04:14:06 PM |
|
The Nano S is also not the only wallet with FIDO/U2F support! The following website shows all wallets that support FIDO/U2F: https://www.hardware-wallets.de/fidou2f/
|
►►► MY TOPICS ◄◄◄ ➤ Blockchain Basics - FAQ DE ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN ➤ Crypto SCAM - HowTo protect yourself EN ➤ [CHECKLISTE] zur Bewertung von ICOs DE ➤ [Overview] Exchanges, IEOs and their ROIs DE | EN ➤ [Howto] Use Ledger Nano as Security Key DE | EN ➤ [OVERVIEW] Recommended Crypto Telegram Bots DE | EN ➤ [Overview] GUI Miner DE | EN ➤ Activity, Merit und Ranganforderungen im Forum DE ➤ Alternativen zu Piggy's Notification Bot DE ➤ [Howto] Give Bitcoin as a gift DE | EN
|
|
|
aundroid (OP)
Legendary
Offline
Activity: 1232
Merit: 1247
|
|
September 26, 2019, 05:39:35 PM |
|
Since the internal counter resets itself after every firmware update (or if you accidentally uninstall the Fido u2f app), and you have to set up all services again, I added this information to the start post.
If this should be fixed with an upcoming firmware update, I will announce it here.
|
►►► MY TOPICS ◄◄◄ ➤ Blockchain Basics - FAQ DE ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN ➤ Crypto SCAM - HowTo protect yourself EN ➤ [CHECKLISTE] zur Bewertung von ICOs DE ➤ [Overview] Exchanges, IEOs and their ROIs DE | EN ➤ [Howto] Use Ledger Nano as Security Key DE | EN ➤ [OVERVIEW] Recommended Crypto Telegram Bots DE | EN ➤ [Overview] GUI Miner DE | EN ➤ Activity, Merit und Ranganforderungen im Forum DE ➤ Alternativen zu Piggy's Notification Bot DE ➤ [Howto] Give Bitcoin as a gift DE | EN
|
|
|
HarHarHar9965
|
|
September 28, 2019, 06:26:14 AM |
|
Caution: Only buy ledger Nano S from its official store and avoid other eCommerce stores including Amazon because you can lose your currencies like this man.
Once you have laid hands on your Ledger Nano S, self-educate yourself on how to use it because understanding its functionality is, well, a learning curve.
Keeping this learning curve in time, I thought of writing on a few things that you might need after you have your device in your hands.
Stick around and read this post so you can shorten your learning time and enjoy using Ledger Nano S.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2912
Merit: 7514
Playgram - The Telegram Casino
|
|
September 28, 2019, 08:11:38 AM |
|
@HarHarHar9965 Your post has nothing to do with the original OP + it is copy/pasted either from here https://coinsutra.com/edger-nano-s-setup-guide/ or somewhere else. All you had to do was post a source link.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
|
|
|
Zionatin
|
|
October 04, 2019, 04:17:36 AM |
|
Is there anythng you need to backup? Incase you lose your ledger? I once didn't backup my F2A and locked myself out when I reformatted my phone. They need to be more in your face about backing it up. I was new to it and didn't realize what I had done (or rather didn't do) before it was too late. So from now on I constantly remind myself and other people to always backup. I make more then one backup too.
|
|
|
|
Sancho18
Sr. Member
Offline
Activity: 728
Merit: 368
Sancho
|
|
October 04, 2019, 05:35:22 AM |
|
>> Attention <<The FIDO U2F app on your Ledger device maintains an internal counter that changes each time you use FIDO U2F to log in on a third party service. After a firmware update, all apps have to be reinstalled. Unfortunately, this means that the counter is reset and you will not be able to login using the FIDO U2F app on your device before reconfiguring the services you use it on:
1. Please use an alternative means of logging in onto the services you want to access (authenticator app/one-time password/request a password reset link by email). 2. Once logged in, go into the (security) settings of the services on which you use FIDO U2F. Then, remove FIDO U2F with your Ledger device as a method of authentication. 3. Re-register your device as authentication method.
[source: https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F] Unfortunately, this is a very serious complication that stops me from using my ledger as a two-factor authorization device. If I forget to reset before flashing, I will have problems regaining access. And if I too often do a reset, this may look suspicious from the point of view of the site, and I try to avoid too close attention to security issues. The idea is good, the implementation is poor.
|
|
|
|
aundroid (OP)
Legendary
Offline
Activity: 1232
Merit: 1247
|
|
January 24, 2020, 03:50:20 PM |
|
>> Attention <<The FIDO U2F app on your Ledger device maintains an internal counter that changes each time you use FIDO U2F to log in on a third party service. After a firmware update, all apps have to be reinstalled. Unfortunately, this means that the counter is reset and you will not be able to login using the FIDO U2F app on your device before reconfiguring the services you use it on:
1. Please use an alternative means of logging in onto the services you want to access (authenticator app/one-time password/request a password reset link by email). 2. Once logged in, go into the (security) settings of the services on which you use FIDO U2F. Then, remove FIDO U2F with your Ledger device as a method of authentication. 3. Re-register your device as authentication method.
[source: https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F] Unfortunately, this is a very serious complication that stops me from using my ledger as a two-factor authorization device. If I forget to reset before flashing, I will have problems regaining access. And if I too often do a reset, this may look suspicious from the point of view of the site, and I try to avoid too close attention to security issues. The idea is good, the implementation is poor. It seems that the problem with the internal counter has been solved. At least the warning has been removed from their website: https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2FUnfortunately I could not find anything in the release notes about it: https://support.ledger.com/hc/en-us/articles/360010446000The only thing I could find was this reddit post, saying that the counter problem will be fixed soon. https://www.reddit.com/r/ledgerwallet/comments/d1kso9/does_the_ledger_nano_x_have_fido_u2f_can_i_use/eznwkv3/I strongly assume that it was fixed by one of the last software updates. That's why I removed the warning from the start post and expect that the Ledger Nano S can now finally be used as a FIDO U2F device without any counter problem.
|
►►► MY TOPICS ◄◄◄ ➤ Blockchain Basics - FAQ DE ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN ➤ Crypto SCAM - HowTo protect yourself EN ➤ [CHECKLISTE] zur Bewertung von ICOs DE ➤ [Overview] Exchanges, IEOs and their ROIs DE | EN ➤ [Howto] Use Ledger Nano as Security Key DE | EN ➤ [OVERVIEW] Recommended Crypto Telegram Bots DE | EN ➤ [Overview] GUI Miner DE | EN ➤ Activity, Merit und Ranganforderungen im Forum DE ➤ Alternativen zu Piggy's Notification Bot DE ➤ [Howto] Give Bitcoin as a gift DE | EN
|
|
|
TryNinja
Legendary
Offline
Activity: 2982
Merit: 7399
Top Crypto Casino
|
|
January 24, 2020, 04:11:21 PM |
|
I strongly assume that it was fixed by one of the last software updates.
That's why I removed the warning from the start post and expect that the Ledger Nano S can now finally be used as a FIDO U2F device without any counter problem.
Does that mean that the counter is persistent now? Also, even if it (somehow) is, the seed can’t possibly hold these numbers, so if you restore your wallet in another device, the U2F won’t go with it. Am I correct?
|
|
|
|
aundroid (OP)
Legendary
Offline
Activity: 1232
Merit: 1247
|
|
January 24, 2020, 06:08:34 PM |
|
Does that mean that the counter is persistent now?
Yeah, I suppose the seed just restores the counter now. But I couldn't find any details in the release notes regarding this. Also, even if it (somehow) is, the seed can’t possibly hold these numbers, so if you restore your wallet in another device, the U2F won’t go with it. Am I correct?
According to the information on the website you can import the seed on another ledger and U2F will work just fine. Important information
- If you lose access to your device, you can restore your recovery phrase on any Ledger hardware wallet and reinstall the Fido U2F app to get access to your account. - If you're managing the same private keys on multiple Ledger hardware wallets, only one device can be used for Fido U2F.
|
►►► MY TOPICS ◄◄◄ ➤ Blockchain Basics - FAQ DE ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN ➤ Crypto SCAM - HowTo protect yourself EN ➤ [CHECKLISTE] zur Bewertung von ICOs DE ➤ [Overview] Exchanges, IEOs and their ROIs DE | EN ➤ [Howto] Use Ledger Nano as Security Key DE | EN ➤ [OVERVIEW] Recommended Crypto Telegram Bots DE | EN ➤ [Overview] GUI Miner DE | EN ➤ Activity, Merit und Ranganforderungen im Forum DE ➤ Alternativen zu Piggy's Notification Bot DE ➤ [Howto] Give Bitcoin as a gift DE | EN
|
|
|
TryNinja
Legendary
Offline
Activity: 2982
Merit: 7399
Top Crypto Casino
|
|
January 24, 2020, 07:01:05 PM |
|
According to the information on the website you can import the seed on another ledger and U2F will work just fine.
Yeah, I meant the U2F state. How are you going to use it in the other device if the counter isn’t synchronized with the websites you try to login to? That’s what holds me from using my Nano S as a U2F 2FA.
|
|
|
|
aundroid (OP)
Legendary
Offline
Activity: 1232
Merit: 1247
|
|
January 25, 2020, 11:35:51 AM |
|
According to the information on the website you can import the seed on another ledger and U2F will work just fine.
Yeah, I meant the U2F state. How are you going to use it in the other device if the counter isn’t synchronized with the websites you try to login to? That’s what holds me from using my Nano S as a U2F 2FA. I think we are talking at cross purposes here. Exactly this problem should have been solved by now. At least that's what I read on their website. ... you can restore your recovery phrase on any Ledger hardware wallet and reinstall the Fido U2F app to get access to your account.
|
►►► MY TOPICS ◄◄◄ ➤ Blockchain Basics - FAQ DE ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN ➤ Crypto SCAM - HowTo protect yourself EN ➤ [CHECKLISTE] zur Bewertung von ICOs DE ➤ [Overview] Exchanges, IEOs and their ROIs DE | EN ➤ [Howto] Use Ledger Nano as Security Key DE | EN ➤ [OVERVIEW] Recommended Crypto Telegram Bots DE | EN ➤ [Overview] GUI Miner DE | EN ➤ Activity, Merit und Ranganforderungen im Forum DE ➤ Alternativen zu Piggy's Notification Bot DE ➤ [Howto] Give Bitcoin as a gift DE | EN
|
|
|
|