Bitcoin Forum
July 19, 2019, 09:58:02 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [Tuto] Ledger Nano et U2F  (Read 89 times)
asche
Hero Member
*****
Offline Offline

Activity: 574
Merit: 637


I forgot more than you will ever know.


View Profile
February 03, 2019, 04:20:18 PM
Merited by Halab (3), TomCrypto (1)
 #1

Bonjour,

Je souhaite proposer un aperçu d'une possibilité moins exploitée de la Ledger Nano (S dans mon cas).
Cela fait longtemps (enfin depuis que je l'ai, donc quelques mois) que j'utilise l'appli Fido U2F de ledger, mais pas eu l'idée d'en faire un tuto avant de voir celui de aundroid (Source )

On suppose que l'application Fido U2F est déjà installée sur la ledger via ledger live.

1. Lancer l'application FidoU2F



2. Se connecter à un compte sécurisé via U2F.

3. Valider sur la ledger



Configuration de la Ledger comme clé U2F

1. Télécharger et installer Ledger Live : https://www.ledger.com/pages/ledger-live
2. Connecter la clé Ledger & déverouiller
3. Ouvrir Ledger Live
4. Installer "Fido U2F"

Google

1. Se rendre sur https://myaccount.google.com/security
2. Activer 'Authentification 2 facteurs' => https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome?utm_source=google-account&utm_medium=web
3. Connecter la ledger et la déverouiller
4. Cliquer sur "Choose another Option" ou "Choisir une autre option" - Sélectionner 'Security Key'
5. Ouvrir l'application Fido U2F
6. La clé devrait apparaître dans la liste et permettre la validation


Des démarches identiques sont disponibles sur twitter & Dropbox.

Ne l'utilisant pas sur ses services je n'en parlerai pas plus.
Si quelqu'un veut détailler la démarche je l'ajouterai au post.


U2F est supporté entre autres par AWS, Bitfinex, Github & Gitlab, Nextcloud


https://www.dongleauth.info offre une liste plutôt détaillée des services supportant l'U2F (Universal 2 Factor)


Contrairement à google auth où chaque site génère une clé privée différente à sauvegarder, ici c'est votre seed de ledger qui permettra de vous connecter.



Sources :
1) https://bitcointalk.org/index.php?topic=5096727
2) https://7labs.io/tips-tricks/ledger-wallet-as-usb-security-key.html
3) https://www.dropbox.com/help/security/enable-two-step-verification


1563573482
Hero Member
*
Offline Offline

Posts: 1563573482

View Profile Personal Message (Offline)

Ignore
1563573482
Reply with quote  #2

1563573482
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1563573482
Hero Member
*
Offline Offline

Posts: 1563573482

View Profile Personal Message (Offline)

Ignore
1563573482
Reply with quote  #2

1563573482
Report to moderator
1563573482
Hero Member
*
Offline Offline

Posts: 1563573482

View Profile Personal Message (Offline)

Ignore
1563573482
Reply with quote  #2

1563573482
Report to moderator
TomCrypto
Full Member
***
Offline Offline

Activity: 602
Merit: 202


View Profile
February 03, 2019, 04:30:53 PM
 #2

Merci Asche pour ce Tuto car tu m'as fait découvrir un truc intéressant aujourd'hui, je n'avais aucune idée que l'on pouvait utiliser son ledger comme clé 2FA.
asche
Hero Member
*****
Offline Offline

Activity: 574
Merit: 637


I forgot more than you will ever know.


View Profile
February 03, 2019, 04:31:44 PM
 #3

Honnêtement je l'ai découvert moi même en parcourant la liste des applications.

cestmoi
Full Member
***
Offline Offline

Activity: 182
Merit: 269

W̔̆̌̏͂͑ͦͧ


View Profile
February 03, 2019, 07:46:09 PM
Merited by Halab (3), asche (3)
 #4

Salut,
Je connaissait mais n'utilise pas.

C'est super mais aussi terrible !

Si tu perd ton ledger ou que tu update ton firmware  alors tu perd ton access  2FA vu que c'est fabrique par la seed mais pas derivee de celle ci.

Copie colle du site ledger :
Quote
The FIDO U2F app on your Ledger device maintains an internal counter that changes each time you use FIDO U2F to login on a third party service. After a firmware update, all apps have to be reinstalled. Unfortunately, this means that the counter is reset and you will not be able to login using the FIDO U2F app on your device before reconfiguring the services you use it on:

Please use an alternative means of logging in onto the services you want to access (authenticator app / one time password / request a password reset link by email).
Once logged in, go into the (security) settings of the services on which you use FIDO U2F. Then, remove FIDO U2F with your Ledger device as a method of authentication.
Re-register your device as authentication method.

https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F


Je me suis longtemps penche sur la question.

J'ai deux solutions pour toi :
Utiliser AUTHY sur 2 appareils et bloquer l'access a tout nouveau appareil sans avoir l'authorisation d'un appareil approve.

Ou alors, tu usilise google authentificator, et tu sauve les 2FA code dans un password manager (lastpass / keepass) voire meme, tu achete sur le bon coin un smartphone a 20euros  ou tu sauve/duplique  tout tes 2FA




Autre source (reddit) :
Quote
Be aware that if you do use it - the implementation is incomplete in that if you rely on it any serious capacity, and you happen to accidentally uninstall the U2F app, you have to match the counter to where it previously was in order for your logins to work..

This means if you've used it 200 times, you need to incorrectly login to any site 200 times for the counter to start working again.

It's easier probably to just remove the device and add it back again, but it would need to be done for all accounts and it's just mess and really inconvenient if it's the sole method of gaining access.
https://www.reddit.com/r/ledgerwallet/comments/7emdmu/how_to_use_fido_u2f_with_ledger_nano_s/

“W̼̟̻͎̞̦̖̭̩͔͇̺͍̩̯̲̔̆̌̏͂͑ͦͧ͛̿̑̈́̎͑̽̍ͭ̏̇͜ill you draW̼̟̻͎̞̦̖̭̩͔͇̺͍̩̯̲̔̆̌̏͂͑ͦͧ͛̿̑̈́̎͑̽̍ͭ̏̇͜ me a sheep?”
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!