Bitcoin Forum
July 20, 2019, 04:54:11 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [Howto] Use Ledger Nano as Security Key  (Read 188 times)
aundroid
Hero Member
*****
Online Online

Activity: 714
Merit: 516


simply getting the job done


View Profile WWW
January 13, 2019, 08:49:13 PM
Merited by DdmrDdmr (2), NeuroticFish (1), leowonderful (1), jossiel (1), TryNinja (1), iasenko (1)
 #1

This is a tutorial on how to use a Ledger Nano as a security key for a variety of online accounts.



Preview: Ledger Nano and U2F in action

1. Start FidoU2F App



2. Navigate to the previously set up online account and log in.

3. Confirm Login on the Ledger



4. Done!




Configure the Ledger as USB Security Key

1. Download and install Ledger Live: https://www.ledger.com/pages/ledger-live
2. Connect Ledger Wallet to your computer and unlock with PIN
3. Open Manager
4. Install the "Fido U2F" App

Set up Google Account

1. click 'Security' in your Google Account.
2. activate '2-Step Verification', if not done yet
3. connect Ledger and unlock with PIN
4. Click on 'ADD SECURITY KEY' from the available 2-Step-Verification options.
5. open the FidoU2F app on the ledger and click on continue
6. Click 'yes' on the Ledger when the 'Confirm registration' message appears.
7. Done!

Set up Twitter account

To be able to use U2F, the SMS notifications have to be activated first.

1. Open 'Settings and Privacy'
2. click on 'Set up login verification'
3. verify phone number
4. generate and write down backup code (if U2F key is lost)
5. connect ledger and unlock with PIN
6. open the FidoU2F app on the ledger
7. below 'Security key' click on 'Setup'
8. Done!

Set up Dropbox

First you have to set up 2FA via SMS or Authenticator App

1. log in to dropbox.com.
2. click on the profile picture.
3. select settings.
4. click on the 'Security' tab.
5. under ''Two-step verification' click 'ON
6. select either 'Per SMS' or 'Via mobile app' and complete the process
7. under 'Two-step verification' click the 'Add' button next to 'Security key'.
8. connect ledger, start FidoU2F app
9. click on 'Begin Setup'
10. enter dropbox password
11. Click 'yes' on the Ledger when the 'Confirm registration' message appears.
12. assign name for key
13. Done!




Other examples of websites that support U2F are e.g: AWS, Bitfinex, Github & Gitlab, Nextcloud

https://www.dongleauth.info offers a list of websites and whether they support Universal 2nd Factor (U2F) or not.


Another advantage: The Recovery Seed Phrase serves as a backup, which can also be restored with other hardware wallets!


Sources:
1) https://7labs.io/tips-tricks/ledger-wallet-as-usb-security-key.html
2) https://www.dropbox.com/help/security/enable-two-step-verification

     ▄███▌
    ██████
   ██ ▀████       ███
  ██   ████     ██████       ▄▄▄
 █▀    ████    ███████      █████
      ████    ███████      ██████
      ████    ███████     ███████   ███
      ████   ███ ████    ███████   ████
     ████   ███ ████    ███ ████   ████    ▐██▌      ████▄
     ████   ███ ████   ███ ████   ████     ███     ███████   ██   ███▄     ▄▄██
     ████  ███ ████   ███ ████    ████    ████   ███▀  ███  ████▄█████   ████ ▄██    █
    ████  ███  ████  ███ ████    ████    ████   ███▀  ██▀  ██████▀████ ████   ████   █
    ████ ███  ████  ███  ████    ████    ████  ████       ██████  ████████▀   ████ ▄█
    ████ ███  ████ ███  ████    ████   ██████  ████      ██████    ███████     █████▀
   ████ ███   ███████   ████   █████  ██████  ██████▄  ▄██████        ████▄   ███
   ████ ███  ███████   ▐████  ██████████ ███   █████████  ████        █████████▀
   ███████   ██████    ▐██████████████   ███    ▀████▀   ████          █████▀▀
  ███████    █████     ▐██████   ████   ███
  ██████     ▀██▀       ▀████           ███
  ▀████                          █     ███
                                 ██▄  ▄███
                                  ██████▀
                                   ▀▀▀▀

   
.THE JOB DONE.

 

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌


             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
 

█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
 
in
 

  ▄▄                ▄▄
  ████▄  ▄▄▄▄▄▄  ▄████
  ████████████████████
  ████████████████████
 ▄████████████████████▄
 ██████████████████████▌
 ██████████████████████▌
 ██████████████████████▌
 ██████████████████████
  ▀██████████████████▀
    ▀██████████████▀
██▄     ████████
 ▀██    ████████
 

  ▄▄██████████████▄▄
 ██▀▀            ▀▀██
██▌            ▐█▌ ▐██
██     ▄██████▄     ██
██    ██▀    ▀██    ██
██   ▐█▌      ▐█▌   ██
██   ▐█▌      ▐█▌   ██
██    ██▄    ▄██    ██
██     ▀██████▀     ██
██▌                ▐██
 ██▄▄            ▄▄██
  ▀▀██████████████▀▀
 
██▄
█████▄
████████▄
███████████
████████▀
█████▀
██▀
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1563641651
Hero Member
*
Offline Offline

Posts: 1563641651

View Profile Personal Message (Offline)

Ignore
1563641651
Reply with quote  #2

1563641651
Report to moderator
1563641651
Hero Member
*
Offline Offline

Posts: 1563641651

View Profile Personal Message (Offline)

Ignore
1563641651
Reply with quote  #2

1563641651
Report to moderator
1563641651
Hero Member
*
Offline Offline

Posts: 1563641651

View Profile Personal Message (Offline)

Ignore
1563641651
Reply with quote  #2

1563641651
Report to moderator
bitmover
Hero Member
*****
Online Online

Activity: 546
Merit: 873



View Profile
January 14, 2019, 08:49:58 AM
Merited by NeuroticFish (1)
 #2

This is very good and I didn't knew about this u2f.
Thanks for sharing, but I think you should have explained what is u2f

I made a little research (I never heard of it until today):

Quote
U2F is an open authentication standard that enables internet users to securely access any number of online services with one single security key instantly and with no drivers or client software needed.  FIDO2 is the latest generation of the U2F protocol.

U2F was created by Google and Yubico, and support from NXP, with the vision to take strong public key crypto to the mass market. Today, the technical specifications are hosted by the open-authentication industry consortium known as the FIDO Alliance. U2F has been successfully deployed by large scale services, including Facebook, Gmail, Dropbox, GitHub, Salesforce.com, the UK government, and many more.

Origin Binding:  Defense against Phishing

With the YubiKey, user login is bound to the origin, meaning that only the real site can authenticate with the key. The authentication will fail on the fake site even if the user was fooled into thinking it was real. This greatly mitigates against the increasing volume and sophistication of phishing attacks and stops account takeovers.

https://www.yubico.com/solutions/fido-u2f/

So, to sum up, it's a better 2fa Smiley
 Will read more about it.

NeuroticFish
Legendary
*
Offline Offline

Activity: 1918
Merit: 1253


There are no mistakes. Only opportunities wasted.


View Profile
January 14, 2019, 10:19:48 AM
Last edit: January 14, 2019, 11:11:14 AM by NeuroticFish
 #3

OK, from what I understand it's a better 2FA and it also check the web site / web service to be the correct one.
What I don't understand: what you do if the Ledger gets broken? For crypto the seed you saved will make sure you get another ledger and get access to your money. Is the same principle available for this 2FA too? (Sorry if this sounds stupid/newbish).


Edit: Thanks @bitmover for the answer/clearup. I've missed that part, shame on me.

bitmover
Hero Member
*****
Online Online

Activity: 546
Merit: 873



View Profile
January 14, 2019, 10:35:06 AM
Last edit: January 14, 2019, 09:52:03 PM by bitmover
Merited by NeuroticFish (1)
 #4

OK, from what I understand it's a better 2FA and it also check the web site / web service to be the correct one.
What I don't understand: what you do if the Ledger gets broken? For crypto the seed you saved will make sure you get another ledger and get access to your money. Is the same principle available for this 2FA too? (Sorry if this sounds stupid/newbish).


I was thinking about this as well.

But in the end of the article I read this:

Another advantage: The Recovery Seed Phrase serves as a backup, which can also be restored with other hardware wallets!


Sources:
1) https://7labs.io/tips-tricks/ledger-wallet-as-usb-security-key.html
2) https://www.dropbox.com/help/security/enable-two-step-verification



So the seed is the backup. You probably don't need a nano to restore it, there must be some other software you can use that does this u2f thing with your keys

aundroid
Hero Member
*****
Online Online

Activity: 714
Merit: 516


simply getting the job done


View Profile WWW
January 14, 2019, 12:11:23 PM
 #5

So the seed is the backup. You probably don't need a nano to restore it, there must be some other software you can use that does this u2f thing with your keys

Yes the seed is the backup!

It doesn't have to be a nano, but for the recovery you need a hardware wallet which uses the BIP39/BIP44 standard for the recovery phrase and supports U2F.

Therefore a Trezor Wallet or a Ledger Blue can also be used.

     ▄███▌
    ██████
   ██ ▀████       ███
  ██   ████     ██████       ▄▄▄
 █▀    ████    ███████      █████
      ████    ███████      ██████
      ████    ███████     ███████   ███
      ████   ███ ████    ███████   ████
     ████   ███ ████    ███ ████   ████    ▐██▌      ████▄
     ████   ███ ████   ███ ████   ████     ███     ███████   ██   ███▄     ▄▄██
     ████  ███ ████   ███ ████    ████    ████   ███▀  ███  ████▄█████   ████ ▄██    █
    ████  ███  ████  ███ ████    ████    ████   ███▀  ██▀  ██████▀████ ████   ████   █
    ████ ███  ████  ███  ████    ████    ████  ████       ██████  ████████▀   ████ ▄█
    ████ ███  ████ ███  ████    ████   ██████  ████      ██████    ███████     █████▀
   ████ ███   ███████   ████   █████  ██████  ██████▄  ▄██████        ████▄   ███
   ████ ███  ███████   ▐████  ██████████ ███   █████████  ████        █████████▀
   ███████   ██████    ▐██████████████   ███    ▀████▀   ████          █████▀▀
  ███████    █████     ▐██████   ████   ███
  ██████     ▀██▀       ▀████           ███
  ▀████                          █     ███
                                 ██▄  ▄███
                                  ██████▀
                                   ▀▀▀▀

   
.THE JOB DONE.

 

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌


             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
 

█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
 
in
 

  ▄▄                ▄▄
  ████▄  ▄▄▄▄▄▄  ▄████
  ████████████████████
  ████████████████████
 ▄████████████████████▄
 ██████████████████████▌
 ██████████████████████▌
 ██████████████████████▌
 ██████████████████████
  ▀██████████████████▀
    ▀██████████████▀
██▄     ████████
 ▀██    ████████
 

  ▄▄██████████████▄▄
 ██▀▀            ▀▀██
██▌            ▐█▌ ▐██
██     ▄██████▄     ██
██    ██▀    ▀██    ██
██   ▐█▌      ▐█▌   ██
██   ▐█▌      ▐█▌   ██
██    ██▄    ▄██    ██
██     ▀██████▀     ██
██▌                ▐██
 ██▄▄            ▄▄██
  ▀▀██████████████▀▀
 
██▄
█████▄
████████▄
███████████
████████▀
█████▀
██▀
DdmrDdmr
Hero Member
*****
Offline Offline

Activity: 560
Merit: 2450

There are lies, damned lies and statistics. MTwain


View Profile WWW
January 14, 2019, 06:37:48 PM
Merited by bitmover (1)
 #6

Interesting, but I’m a bit sceptical of using it. The idea of having a hardware wallet is to protect your crypto, and likely you will take care of the device itself and not leave it too handy.

Nevertheless, people log into their Google/Twitter/dropbox Accounts rather frequently, and therefore you will need to have the Ledger device handy (or use one for crypto and another for U2F).

leowonderful
Legendary
*
Offline Offline

Activity: 1372
Merit: 1087



View Profile
January 14, 2019, 06:41:42 PM
 #7

Thank you for this guide! I received one of my first Ledger Nano S wallets about a bit more than a year ago without knowing what the preinstalled Fido U2F application did; I’ll definitely be using this for Google and Twitter. I never knew hardware wallets could also serve as a form of 2FA as well as storing coins up to this point in time, and this may just make me buy another Ledger or two.  Grin

This may be a bit unrelated, but isn’t U2F also what the Yubikeys use for their version of 2FA? Just remembered those devices while reading through this post. Seems pretty similar to Fido U2F from what I can tell.

TryNinja
Legendary
*
Online Online

Activity: 1078
Merit: 1369


CS <3


View Profile
January 14, 2019, 08:27:02 PM
 #8

This may be a bit unrelated, but isn’t U2F also what the Yubikeys use for their version of 2FA? Just remembered those devices while reading through this post. Seems pretty similar to Fido U2F from what I can tell.
Yes. It's basically the same technology (I still think the Yubikey is more convenient, but both work fine).

aundroid
Hero Member
*****
Online Online

Activity: 714
Merit: 516


simply getting the job done


View Profile WWW
January 15, 2019, 09:21:53 AM
 #9

Interesting, but I’m a bit sceptical of using it. The idea of having a hardware wallet is to protect your crypto, and likely you will take care of the device itself and not leave it too handy.

Nevertheless, people log into their Google/Twitter/dropbox Accounts rather frequently, and therefore you will need to have the Ledger device handy (or use one for crypto and another for U2F).


Of course I wouldn't want to have the hardware wallet permanently with me, which stores the 'Life Savings'.

Just look at it this way: Before you buy a Yubikey you better get a Ledger Nano which can also store your cryptocurrencies safely.  Wink

     ▄███▌
    ██████
   ██ ▀████       ███
  ██   ████     ██████       ▄▄▄
 █▀    ████    ███████      █████
      ████    ███████      ██████
      ████    ███████     ███████   ███
      ████   ███ ████    ███████   ████
     ████   ███ ████    ███ ████   ████    ▐██▌      ████▄
     ████   ███ ████   ███ ████   ████     ███     ███████   ██   ███▄     ▄▄██
     ████  ███ ████   ███ ████    ████    ████   ███▀  ███  ████▄█████   ████ ▄██    █
    ████  ███  ████  ███ ████    ████    ████   ███▀  ██▀  ██████▀████ ████   ████   █
    ████ ███  ████  ███  ████    ████    ████  ████       ██████  ████████▀   ████ ▄█
    ████ ███  ████ ███  ████    ████   ██████  ████      ██████    ███████     █████▀
   ████ ███   ███████   ████   █████  ██████  ██████▄  ▄██████        ████▄   ███
   ████ ███  ███████   ▐████  ██████████ ███   █████████  ████        █████████▀
   ███████   ██████    ▐██████████████   ███    ▀████▀   ████          █████▀▀
  ███████    █████     ▐██████   ████   ███
  ██████     ▀██▀       ▀████           ███
  ▀████                          █     ███
                                 ██▄  ▄███
                                  ██████▀
                                   ▀▀▀▀

   
.THE JOB DONE.

 

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌


             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
 

█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
 
in
 

  ▄▄                ▄▄
  ████▄  ▄▄▄▄▄▄  ▄████
  ████████████████████
  ████████████████████
 ▄████████████████████▄
 ██████████████████████▌
 ██████████████████████▌
 ██████████████████████▌
 ██████████████████████
  ▀██████████████████▀
    ▀██████████████▀
██▄     ████████
 ▀██    ████████
 

  ▄▄██████████████▄▄
 ██▀▀            ▀▀██
██▌            ▐█▌ ▐██
██     ▄██████▄     ██
██    ██▀    ▀██    ██
██   ▐█▌      ▐█▌   ██
██   ▐█▌      ▐█▌   ██
██    ██▄    ▄██    ██
██     ▀██████▀     ██
██▌                ▐██
 ██▄▄            ▄▄██
  ▀▀██████████████▀▀
 
██▄
█████▄
████████▄
███████████
████████▀
█████▀
██▀
aundroid
Hero Member
*****
Online Online

Activity: 714
Merit: 516


simply getting the job done


View Profile WWW
January 21, 2019, 04:14:06 PM
 #10

The Nano S is also not the only wallet with FIDO/U2F support!

The following website shows all wallets that support FIDO/U2F:
https://www.hardware-wallets.de/fidou2f/

     ▄███▌
    ██████
   ██ ▀████       ███
  ██   ████     ██████       ▄▄▄
 █▀    ████    ███████      █████
      ████    ███████      ██████
      ████    ███████     ███████   ███
      ████   ███ ████    ███████   ████
     ████   ███ ████    ███ ████   ████    ▐██▌      ████▄
     ████   ███ ████   ███ ████   ████     ███     ███████   ██   ███▄     ▄▄██
     ████  ███ ████   ███ ████    ████    ████   ███▀  ███  ████▄█████   ████ ▄██    █
    ████  ███  ████  ███ ████    ████    ████   ███▀  ██▀  ██████▀████ ████   ████   █
    ████ ███  ████  ███  ████    ████    ████  ████       ██████  ████████▀   ████ ▄█
    ████ ███  ████ ███  ████    ████   ██████  ████      ██████    ███████     █████▀
   ████ ███   ███████   ████   █████  ██████  ██████▄  ▄██████        ████▄   ███
   ████ ███  ███████   ▐████  ██████████ ███   █████████  ████        █████████▀
   ███████   ██████    ▐██████████████   ███    ▀████▀   ████          █████▀▀
  ███████    █████     ▐██████   ████   ███
  ██████     ▀██▀       ▀████           ███
  ▀████                          █     ███
                                 ██▄  ▄███
                                  ██████▀
                                   ▀▀▀▀

   
.THE JOB DONE.

 

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌


             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
 

█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
 
in
 

  ▄▄                ▄▄
  ████▄  ▄▄▄▄▄▄  ▄████
  ████████████████████
  ████████████████████
 ▄████████████████████▄
 ██████████████████████▌
 ██████████████████████▌
 ██████████████████████▌
 ██████████████████████
  ▀██████████████████▀
    ▀██████████████▀
██▄     ████████
 ▀██    ████████
 

  ▄▄██████████████▄▄
 ██▀▀            ▀▀██
██▌            ▐█▌ ▐██
██     ▄██████▄     ██
██    ██▀    ▀██    ██
██   ▐█▌      ▐█▌   ██
██   ▐█▌      ▐█▌   ██
██    ██▄    ▄██    ██
██     ▀██████▀     ██
██▌                ▐██
 ██▄▄            ▄▄██
  ▀▀██████████████▀▀
 
██▄
█████▄
████████▄
███████████
████████▀
█████▀
██▀
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!