Author

Topic: [Howto] Use Ledger Nano as Security Key (Read 590 times)

legendary
Activity: 1232
Merit: 1255
November 19, 2020, 03:31:01 PM
#21
Wanted to pump this thread up again before it gets into oblivion.
Just recently I talked to a a couple of crypto newcomers about this feature. Turns out not many ledger owners know that this feature exists at all.
legendary
Activity: 1232
Merit: 1255
January 25, 2020, 06:35:51 AM
#20
According to the information on the website you can import the seed on another ledger and U2F will work just fine.
Yeah, I meant the U2F state. How are you going to use it in the other device if the counter isn’t synchronized with the websites you try to login to? That’s what holds me from using my Nano S as a U2F 2FA.

I think we are talking at cross purposes here.  Smiley
Exactly this problem should have been solved by now. At least that's what I read on their website.

... you can restore your recovery phrase on any Ledger hardware wallet and reinstall the Fido U2F app to get access to your account.
legendary
Activity: 2758
Merit: 6830
January 24, 2020, 02:01:05 PM
#19
According to the information on the website you can import the seed on another ledger and U2F will work just fine.
Yeah, I meant the U2F state. How are you going to use it in the other device if the counter isn’t synchronized with the websites you try to login to? That’s what holds me from using my Nano S as a U2F 2FA.
legendary
Activity: 1232
Merit: 1255
January 24, 2020, 01:08:34 PM
#18
Does that mean that the counter is persistent now?

Yeah, I suppose the seed just restores the counter now.
But I couldn't find any details in the release notes regarding this.

Also, even if it (somehow) is, the seed can’t possibly hold these numbers, so if you restore your wallet in another device, the U2F won’t go with it. Am I correct?

According to the information on the website you can import the seed on another ledger and U2F will work just fine.

Important information

    - If you lose access to your device, you can restore your recovery phrase on any Ledger hardware wallet and reinstall the Fido U2F app to get access to your account.
    - If you're managing the same private keys on multiple Ledger hardware wallets, only one device can be used for Fido U2F.
legendary
Activity: 2758
Merit: 6830
January 24, 2020, 11:11:21 AM
#17
I strongly assume that it was fixed by one of the last software updates.

That's why I removed the warning from the start post and expect that the Ledger Nano S can now finally be used as a FIDO U2F device without any counter problem.
Does that mean that the counter is persistent now?

Also, even if it (somehow) is, the seed can’t possibly hold these numbers, so if you restore your wallet in another device, the U2F won’t go with it. Am I correct?
legendary
Activity: 1232
Merit: 1255
January 24, 2020, 10:50:20 AM
#16
>> Attention <<
Quote
The FIDO U2F app on your Ledger device maintains an internal counter that changes each time you use FIDO U2F to log in on a third party service. After a firmware update, all apps have to be reinstalled. Unfortunately, this means that the counter is reset and you will not be able to login using the FIDO U2F app on your device before reconfiguring the services you use it on:

    1. Please use an alternative means of logging in onto the services you want to access (authenticator app/one-time password/request a password reset link by email).
    2. Once logged in, go into the (security) settings of the services on which you use FIDO U2F. Then, remove FIDO U2F with your Ledger device as a method of authentication.
    3. Re-register your device as authentication method.
[source: https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F]
Unfortunately, this is a very serious complication that stops me from using my ledger as a two-factor authorization device. If I forget to reset before flashing, I will have problems regaining access. And if I too often do a reset, this may look suspicious from the point of view of the site, and I try to avoid too close attention to security issues. The idea is good, the implementation is poor.

It seems that the problem with the internal counter has been solved.

At least the warning has been removed from their website:
https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F

Unfortunately I could not find anything in the release notes about it:
https://support.ledger.com/hc/en-us/articles/360010446000

The only thing I could find was this reddit post, saying that the counter problem will be fixed soon.
https://www.reddit.com/r/ledgerwallet/comments/d1kso9/does_the_ledger_nano_x_have_fido_u2f_can_i_use/eznwkv3/

I strongly assume that it was fixed by one of the last software updates.

That's why I removed the warning from the start post and expect that the Ledger Nano S can now finally be used as a FIDO U2F device without any counter problem.
sr. member
Activity: 728
Merit: 368
Sancho
October 04, 2019, 12:35:22 AM
#15
>> Attention <<
Quote
The FIDO U2F app on your Ledger device maintains an internal counter that changes each time you use FIDO U2F to log in on a third party service. After a firmware update, all apps have to be reinstalled. Unfortunately, this means that the counter is reset and you will not be able to login using the FIDO U2F app on your device before reconfiguring the services you use it on:

    1. Please use an alternative means of logging in onto the services you want to access (authenticator app/one-time password/request a password reset link by email).
    2. Once logged in, go into the (security) settings of the services on which you use FIDO U2F. Then, remove FIDO U2F with your Ledger device as a method of authentication.
    3. Re-register your device as authentication method.
[source: https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F]
Unfortunately, this is a very serious complication that stops me from using my ledger as a two-factor authorization device. If I forget to reset before flashing, I will have problems regaining access. And if I too often do a reset, this may look suspicious from the point of view of the site, and I try to avoid too close attention to security issues. The idea is good, the implementation is poor.
sr. member
Activity: 906
Merit: 263
October 03, 2019, 11:17:36 PM
#14
Is there anythng you need to backup? Incase you lose your ledger? I once didn't backup my F2A and locked myself out when I reformatted my phone. They need to be more in your face about backing it up.
I was new to it and didn't realize what I had done (or rather didn't do) before it was too late. So from now on I constantly remind myself and other people to always backup. I make more then one backup too.
legendary
Activity: 2730
Merit: 7065
September 28, 2019, 03:11:38 AM
#13
@HarHarHar9965
Your post has nothing to do with the original OP + it is copy/pasted either from here https://coinsutra.com/edger-nano-s-setup-guide/ or somewhere else.
All you had to do was post a source link.
hero member
Activity: 994
Merit: 1000
September 28, 2019, 01:26:14 AM
#12
Caution: Only buy ledger Nano S from its official store and avoid other eCommerce stores including Amazon because you can lose your currencies like this man.

Once you have laid hands on your Ledger Nano S, self-educate yourself on how to use it because understanding its functionality is, well, a learning curve.

Keeping this learning curve in time, I thought of writing on a few things that you might need after you have your device in your hands.

Stick around and read this post so you can shorten your learning time and enjoy using Ledger Nano S.
legendary
Activity: 1232
Merit: 1255
September 26, 2019, 12:39:35 PM
#11
Since the internal counter resets itself after every firmware update (or if you accidentally uninstall the Fido u2f app), and you have to set up all services again, I added this information to the start post.

If this should be fixed with an upcoming firmware update, I will announce it here.
legendary
Activity: 1232
Merit: 1255
January 21, 2019, 11:14:06 AM
#10
The Nano S is also not the only wallet with FIDO/U2F support!

The following website shows all wallets that support FIDO/U2F:
https://www.hardware-wallets.de/fidou2f/
legendary
Activity: 1232
Merit: 1255
January 15, 2019, 04:21:53 AM
#9
Interesting, but I’m a bit sceptical of using it. The idea of having a hardware wallet is to protect your crypto, and likely you will take care of the device itself and not leave it too handy.

Nevertheless, people log into their Google/Twitter/dropbox Accounts rather frequently, and therefore you will need to have the Ledger device handy (or use one for crypto and another for U2F).


Of course I wouldn't want to have the hardware wallet permanently with me, which stores the 'Life Savings'.

Just look at it this way: Before you buy a Yubikey you better get a Ledger Nano which can also store your cryptocurrencies safely.  Wink
legendary
Activity: 2758
Merit: 6830
January 14, 2019, 03:27:02 PM
#8
This may be a bit unrelated, but isn’t U2F also what the Yubikeys use for their version of 2FA? Just remembered those devices while reading through this post. Seems pretty similar to Fido U2F from what I can tell.
Yes. It's basically the same technology (I still think the Yubikey is more convenient, but both work fine).
legendary
Activity: 1624
Merit: 1130
Bitcoin FTW!
January 14, 2019, 01:41:42 PM
#7
Thank you for this guide! I received one of my first Ledger Nano S wallets about a bit more than a year ago without knowing what the preinstalled Fido U2F application did; I’ll definitely be using this for Google and Twitter. I never knew hardware wallets could also serve as a form of 2FA as well as storing coins up to this point in time, and this may just make me buy another Ledger or two.  Grin

This may be a bit unrelated, but isn’t U2F also what the Yubikeys use for their version of 2FA? Just remembered those devices while reading through this post. Seems pretty similar to Fido U2F from what I can tell.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
January 14, 2019, 01:37:48 PM
#6
Interesting, but I’m a bit sceptical of using it. The idea of having a hardware wallet is to protect your crypto, and likely you will take care of the device itself and not leave it too handy.

Nevertheless, people log into their Google/Twitter/dropbox Accounts rather frequently, and therefore you will need to have the Ledger device handy (or use one for crypto and another for U2F).
legendary
Activity: 1232
Merit: 1255
January 14, 2019, 07:11:23 AM
#5
So the seed is the backup. You probably don't need a nano to restore it, there must be some other software you can use that does this u2f thing with your keys

Yes the seed is the backup!

It doesn't have to be a nano, but for the recovery you need a hardware wallet which uses the BIP39/BIP44 standard for the recovery phrase and supports U2F.

Therefore a Trezor Wallet or a Ledger Blue can also be used.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
January 14, 2019, 05:35:06 AM
#4
OK, from what I understand it's a better 2FA and it also check the web site / web service to be the correct one.
What I don't understand: what you do if the Ledger gets broken? For crypto the seed you saved will make sure you get another ledger and get access to your money. Is the same principle available for this 2FA too? (Sorry if this sounds stupid/newbish).


I was thinking about this as well.

But in the end of the article I read this:

Another advantage: The Recovery Seed Phrase serves as a backup, which can also be restored with other hardware wallets!


Sources:
1) https://7labs.io/tips-tricks/ledger-wallet-as-usb-security-key.html
2) https://www.dropbox.com/help/security/enable-two-step-verification



So the seed is the backup. You probably don't need a nano to restore it, there must be some other software you can use that does this u2f thing with your keys
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 14, 2019, 05:19:48 AM
#3
OK, from what I understand it's a better 2FA and it also check the web site / web service to be the correct one.
What I don't understand: what you do if the Ledger gets broken? For crypto the seed you saved will make sure you get another ledger and get access to your money. Is the same principle available for this 2FA too? (Sorry if this sounds stupid/newbish).


Edit: Thanks @bitmover for the answer/clearup. I've missed that part, shame on me.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
January 14, 2019, 03:49:58 AM
#2
This is very good and I didn't knew about this u2f.
Thanks for sharing, but I think you should have explained what is u2f

I made a little research (I never heard of it until today):

Quote
U2F is an open authentication standard that enables internet users to securely access any number of online services with one single security key instantly and with no drivers or client software needed.  FIDO2 is the latest generation of the U2F protocol.

U2F was created by Google and Yubico, and support from NXP, with the vision to take strong public key crypto to the mass market. Today, the technical specifications are hosted by the open-authentication industry consortium known as the FIDO Alliance. U2F has been successfully deployed by large scale services, including Facebook, Gmail, Dropbox, GitHub, Salesforce.com, the UK government, and many more.

Origin Binding:  Defense against Phishing

With the YubiKey, user login is bound to the origin, meaning that only the real site can authenticate with the key. The authentication will fail on the fake site even if the user was fooled into thinking it was real. This greatly mitigates against the increasing volume and sophistication of phishing attacks and stops account takeovers.

https://www.yubico.com/solutions/fido-u2f/

So, to sum up, it's a better 2fa Smiley
 Will read more about it.
legendary
Activity: 1232
Merit: 1255
January 13, 2019, 03:49:13 PM
#1
This is a tutorial on how to use a Ledger Nano as a security key for a variety of online accounts.



Preview: Ledger Nano and U2F in action

1. Start FidoU2F App



2. Navigate to the previously set up online account and log in.

3. Confirm Login on the Ledger



4. Done!




Configure the Ledger as USB Security Key

1. Download and install Ledger Live: https://www.ledger.com/pages/ledger-live
2. Connect Ledger Wallet to your computer and unlock with PIN
3. Open Manager
4. Install the "Fido U2F" App

Set up Google Account

1. click 'Security' in your Google Account.
2. activate '2-Step Verification', if not done yet
3. connect Ledger and unlock with PIN
4. Click on 'ADD SECURITY KEY' from the available 2-Step-Verification options.
5. open the FidoU2F app on the ledger and click on continue
6. Click 'yes' on the Ledger when the 'Confirm registration' message appears.
7. Done!

Set up Twitter account

To be able to use U2F, the SMS notifications have to be activated first.

1. Open 'Settings and Privacy'
2. click on 'Set up login verification'
3. verify phone number
4. generate and write down backup code (if U2F key is lost)
5. connect ledger and unlock with PIN
6. open the FidoU2F app on the ledger
7. below 'Security key' click on 'Setup'
8. Done!

Set up Dropbox

First you have to set up 2FA via SMS or Authenticator App

1. log in to dropbox.com.
2. click on the profile picture.
3. select settings.
4. click on the 'Security' tab.
5. under ''Two-step verification' click 'ON
6. select either 'Per SMS' or 'Via mobile app' and complete the process
7. under 'Two-step verification' click the 'Add' button next to 'Security key'.
8. connect ledger, start FidoU2F app
9. click on 'Begin Setup'
10. enter dropbox password
11. Click 'yes' on the Ledger when the 'Confirm registration' message appears.
12. assign name for key
13. Done!



Other examples of websites that support U2F are e.g: AWS, Bitfinex, Github & Gitlab, Nextcloud

https://www.dongleauth.info offers a list of websites and whether they support Universal 2nd Factor (U2F) or not.


Another advantage: The Recovery Seed Phrase serves as a backup, which can also be restored with other hardware wallets!


Sources:
1) https://7labs.io/tips-tricks/ledger-wallet-as-usb-security-key.html
2) https://www.dropbox.com/help/security/enable-two-step-verification
Jump to: