Wanted to pump this thread up again before it gets into oblivion.
Just recently I talked to a a couple of crypto newcomers about this feature. Turns out not many ledger owners know that this feature exists at all.
Topic: [Howto] Use Ledger Nano as Security Key (Read 538 times)
According to the information on the website you can import the seed on another ledger and U2F will work just fine.
Yeah, I meant the U2F state. How are you going to use it in the other device if the counter isn’t synchronized with the websites you try to login to? That’s what holds me from using my Nano S as a U2F 2FA.I think we are talking at cross purposes here.
Exactly this problem should have been solved by now. At least that's what I read on their website.
... you can restore your recovery phrase on any Ledger hardware wallet and reinstall the Fido U2F app to get access to your account.
According to the information on the website you can import the seed on another ledger and U2F will work just fine.
Yeah, I meant the U2F state. How are you going to use it in the other device if the counter isn’t synchronized with the websites you try to login to? That’s what holds me from using my Nano S as a U2F 2FA. Does that mean that the counter is persistent now?
Yeah, I suppose the seed just restores the counter now.
But I couldn't find any details in the release notes regarding this.
Also, even if it (somehow) is, the seed can’t possibly hold these numbers, so if you restore your wallet in another device, the U2F won’t go with it. Am I correct?
According to the information on the website you can import the seed on another ledger and U2F will work just fine.
Important information
- If you lose access to your device, you can restore your recovery phrase on any Ledger hardware wallet and reinstall the Fido U2F app to get access to your account.
- If you're managing the same private keys on multiple Ledger hardware wallets, only one device can be used for Fido U2F.
- If you lose access to your device, you can restore your recovery phrase on any Ledger hardware wallet and reinstall the Fido U2F app to get access to your account.
- If you're managing the same private keys on multiple Ledger hardware wallets, only one device can be used for Fido U2F.
I strongly assume that it was fixed by one of the last software updates.
That's why I removed the warning from the start post and expect that the Ledger Nano S can now finally be used as a FIDO U2F device without any counter problem.
Does that mean that the counter is persistent now?That's why I removed the warning from the start post and expect that the Ledger Nano S can now finally be used as a FIDO U2F device without any counter problem.
Also, even if it (somehow) is, the seed can’t possibly hold these numbers, so if you restore your wallet in another device, the U2F won’t go with it. Am I correct?
>> Attention <<
Unfortunately, this is a very serious complication that stops me from using my ledger as a two-factor authorization device. If I forget to reset before flashing, I will have problems regaining access. And if I too often do a reset, this may look suspicious from the point of view of the site, and I try to avoid too close attention to security issues. The idea is good, the implementation is poor.Quote
The FIDO U2F app on your Ledger device maintains an internal counter that changes each time you use FIDO U2F to log in on a third party service. After a firmware update, all apps have to be reinstalled. Unfortunately, this means that the counter is reset and you will not be able to login using the FIDO U2F app on your device before reconfiguring the services you use it on:
1. Please use an alternative means of logging in onto the services you want to access (authenticator app/one-time password/request a password reset link by email).
2. Once logged in, go into the (security) settings of the services on which you use FIDO U2F. Then, remove FIDO U2F with your Ledger device as a method of authentication.
3. Re-register your device as authentication method.
[source: https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F]1. Please use an alternative means of logging in onto the services you want to access (authenticator app/one-time password/request a password reset link by email).
2. Once logged in, go into the (security) settings of the services on which you use FIDO U2F. Then, remove FIDO U2F with your Ledger device as a method of authentication.
3. Re-register your device as authentication method.
It seems that the problem with the internal counter has been solved.
At least the warning has been removed from their website:
https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F
Unfortunately I could not find anything in the release notes about it:
https://support.ledger.com/hc/en-us/articles/360010446000
The only thing I could find was this reddit post, saying that the counter problem will be fixed soon.
https://www.reddit.com/r/ledgerwallet/comments/d1kso9/does_the_ledger_nano_x_have_fido_u2f_can_i_use/eznwkv3/
I strongly assume that it was fixed by one of the last software updates.
That's why I removed the warning from the start post and expect that the Ledger Nano S can now finally be used as a FIDO U2F device without any counter problem.
>> Attention <<
Unfortunately, this is a very serious complication that stops me from using my ledger as a two-factor authorization device. If I forget to reset before flashing, I will have problems regaining access. And if I too often do a reset, this may look suspicious from the point of view of the site, and I try to avoid too close attention to security issues. The idea is good, the implementation is poor. Quote
The FIDO U2F app on your Ledger device maintains an internal counter that changes each time you use FIDO U2F to log in on a third party service. After a firmware update, all apps have to be reinstalled. Unfortunately, this means that the counter is reset and you will not be able to login using the FIDO U2F app on your device before reconfiguring the services you use it on:
1. Please use an alternative means of logging in onto the services you want to access (authenticator app/one-time password/request a password reset link by email).
2. Once logged in, go into the (security) settings of the services on which you use FIDO U2F. Then, remove FIDO U2F with your Ledger device as a method of authentication.
3. Re-register your device as authentication method.
[source: https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F]1. Please use an alternative means of logging in onto the services you want to access (authenticator app/one-time password/request a password reset link by email).
2. Once logged in, go into the (security) settings of the services on which you use FIDO U2F. Then, remove FIDO U2F with your Ledger device as a method of authentication.
3. Re-register your device as authentication method.
Is there anythng you need to backup? Incase you lose your ledger? I once didn't backup my F2A and locked myself out when I reformatted my phone. They need to be more in your face about backing it up.
I was new to it and didn't realize what I had done (or rather didn't do) before it was too late. So from now on I constantly remind myself and other people to always backup. I make more then one backup too.
I was new to it and didn't realize what I had done (or rather didn't do) before it was too late. So from now on I constantly remind myself and other people to always backup. I make more then one backup too.
@HarHarHar9965
Your post has nothing to do with the original OP + it is copy/pasted either from here https://coinsutra.com/edger-nano-s-setup-guide/ or somewhere else.
All you had to do was post a source link.
Your post has nothing to do with the original OP + it is copy/pasted either from here https://coinsutra.com/edger-nano-s-setup-guide/ or somewhere else.
All you had to do was post a source link.
Caution: Only buy ledger Nano S from its official store and avoid other eCommerce stores including Amazon because you can lose your currencies like this man.
Once you have laid hands on your Ledger Nano S, self-educate yourself on how to use it because understanding its functionality is, well, a learning curve.
Keeping this learning curve in time, I thought of writing on a few things that you might need after you have your device in your hands.
Stick around and read this post so you can shorten your learning time and enjoy using Ledger Nano S.
Once you have laid hands on your Ledger Nano S, self-educate yourself on how to use it because understanding its functionality is, well, a learning curve.
Keeping this learning curve in time, I thought of writing on a few things that you might need after you have your device in your hands.
Stick around and read this post so you can shorten your learning time and enjoy using Ledger Nano S.
Since the internal counter resets itself after every firmware update (or if you accidentally uninstall the Fido u2f app), and you have to set up all services again, I added this information to the start post.
If this should be fixed with an upcoming firmware update, I will announce it here.
If this should be fixed with an upcoming firmware update, I will announce it here.
The Nano S is also not the only wallet with FIDO/U2F support!
The following website shows all wallets that support FIDO/U2F:
https://www.hardware-wallets.de/fidou2f/
The following website shows all wallets that support FIDO/U2F:
https://www.hardware-wallets.de/fidou2f/
Interesting, but I’m a bit sceptical of using it. The idea of having a hardware wallet is to protect your crypto, and likely you will take care of the device itself and not leave it too handy.
Nevertheless, people log into their Google/Twitter/dropbox Accounts rather frequently, and therefore you will need to have the Ledger device handy (or use one for crypto and another for U2F).
Nevertheless, people log into their Google/Twitter/dropbox Accounts rather frequently, and therefore you will need to have the Ledger device handy (or use one for crypto and another for U2F).
Of course I wouldn't want to have the hardware wallet permanently with me, which stores the 'Life Savings'.
Just look at it this way: Before you buy a Yubikey you better get a Ledger Nano which can also store your cryptocurrencies safely.
This may be a bit unrelated, but isn’t U2F also what the Yubikeys use for their version of 2FA? Just remembered those devices while reading through this post. Seems pretty similar to Fido U2F from what I can tell.
Yes. It's basically the same technology (I still think the Yubikey is more convenient, but both work fine). 
Thank you for this guide! I received one of my first Ledger Nano S wallets about a bit more than a year ago without knowing what the preinstalled Fido U2F application did; I’ll definitely be using this for Google and Twitter. I never knew hardware wallets could also serve as a form of 2FA as well as storing coins up to this point in time, and this may just make me buy another Ledger or two. 
This may be a bit unrelated, but isn’t U2F also what the Yubikeys use for their version of 2FA? Just remembered those devices while reading through this post. Seems pretty similar to Fido U2F from what I can tell.
This may be a bit unrelated, but isn’t U2F also what the Yubikeys use for their version of 2FA? Just remembered those devices while reading through this post. Seems pretty similar to Fido U2F from what I can tell.
Interesting, but I’m a bit sceptical of using it. The idea of having a hardware wallet is to protect your crypto, and likely you will take care of the device itself and not leave it too handy.
Nevertheless, people log into their Google/Twitter/dropbox Accounts rather frequently, and therefore you will need to have the Ledger device handy (or use one for crypto and another for U2F).
Nevertheless, people log into their Google/Twitter/dropbox Accounts rather frequently, and therefore you will need to have the Ledger device handy (or use one for crypto and another for U2F).
So the seed is the backup. You probably don't need a nano to restore it, there must be some other software you can use that does this u2f thing with your keys
Yes the seed is the backup!
It doesn't have to be a nano, but for the recovery you need a hardware wallet which uses the BIP39/BIP44 standard for the recovery phrase and supports U2F.
Therefore a Trezor Wallet or a Ledger Blue can also be used.
OK, from what I understand it's a better 2FA and it also check the web site / web service to be the correct one.
What I don't understand: what you do if the Ledger gets broken? For crypto the seed you saved will make sure you get another ledger and get access to your money. Is the same principle available for this 2FA too? (Sorry if this sounds stupid/newbish).
What I don't understand: what you do if the Ledger gets broken? For crypto the seed you saved will make sure you get another ledger and get access to your money. Is the same principle available for this 2FA too? (Sorry if this sounds stupid/newbish).
I was thinking about this as well.
But in the end of the article I read this:
Another advantage: The Recovery Seed Phrase serves as a backup, which can also be restored with other hardware wallets!
Sources:
1) https://7labs.io/tips-tricks/ledger-wallet-as-usb-security-key.html
2) https://www.dropbox.com/help/security/enable-two-step-verification
Sources:
1) https://7labs.io/tips-tricks/ledger-wallet-as-usb-security-key.html
2) https://www.dropbox.com/help/security/enable-two-step-verification
So the seed is the backup. You probably don't need a nano to restore it, there must be some other software you can use that does this u2f thing with your keys
OK, from what I understand it's a better 2FA and it also check the web site / web service to be the correct one.
What I don't understand: what you do if the Ledger gets broken? For crypto the seed you saved will make sure you get another ledger and get access to your money. Is the same principle available for this 2FA too? (Sorry if this sounds stupid/newbish).
Edit: Thanks @bitmover for the answer/clearup. I've missed that part, shame on me.
What I don't understand: what you do if the Ledger gets broken? For crypto the seed you saved will make sure you get another ledger and get access to your money. Is the same principle available for this 2FA too? (Sorry if this sounds stupid/newbish).
Edit: Thanks @bitmover for the answer/clearup. I've missed that part, shame on me.
This is very good and I didn't knew about this u2f.
Thanks for sharing, but I think you should have explained what is u2f
I made a little research (I never heard of it until today):
So, to sum up, it's a better 2fa
Will read more about it.
Thanks for sharing, but I think you should have explained what is u2f
I made a little research (I never heard of it until today):
Quote
U2F is an open authentication standard that enables internet users to securely access any number of online services with one single security key instantly and with no drivers or client software needed. FIDO2 is the latest generation of the U2F protocol.
U2F was created by Google and Yubico, and support from NXP, with the vision to take strong public key crypto to the mass market. Today, the technical specifications are hosted by the open-authentication industry consortium known as the FIDO Alliance. U2F has been successfully deployed by large scale services, including Facebook, Gmail, Dropbox, GitHub, Salesforce.com, the UK government, and many more.
Origin Binding: Defense against Phishing
With the YubiKey, user login is bound to the origin, meaning that only the real site can authenticate with the key. The authentication will fail on the fake site even if the user was fooled into thinking it was real. This greatly mitigates against the increasing volume and sophistication of phishing attacks and stops account takeovers.
https://www.yubico.com/solutions/fido-u2f/
U2F was created by Google and Yubico, and support from NXP, with the vision to take strong public key crypto to the mass market. Today, the technical specifications are hosted by the open-authentication industry consortium known as the FIDO Alliance. U2F has been successfully deployed by large scale services, including Facebook, Gmail, Dropbox, GitHub, Salesforce.com, the UK government, and many more.
Origin Binding: Defense against Phishing
With the YubiKey, user login is bound to the origin, meaning that only the real site can authenticate with the key. The authentication will fail on the fake site even if the user was fooled into thinking it was real. This greatly mitigates against the increasing volume and sophistication of phishing attacks and stops account takeovers.
https://www.yubico.com/solutions/fido-u2f/
So, to sum up, it's a better 2fa
Will read more about it.
Jump to: