A Beginner’s Guide to Using Two-Factor Authentication and U2F to Secure Your Passwords

Dashlane, Two-Factor Authentication, YubiKey and U2F combined!

We’re proud to announce an industry first – Dashlane is the first password manager to support the FIDO Alliance’s Universal Second Factor (U2F) for two-factor authentication! We’re partnering with Yubico, creators of the YubiKey, to provide you with a simple way to add an extra layer of security and convenience to your passwords that is unrivaled in the industry!

While this is monumental news for the tech and security industries, what does this mean for you? As a non-tech genius myself, I did a lot of research and wrote this blog post to break down the complex technical concepts and acronyms, and introduce you to an innovative security feature you never knew you needed!

Think of this post as “How to Add an Extra Layer of Physical Control Over Your Digital Identity 101”.

Let’s jump right in!

Lesson 1: An Introduction to Two-Factor Authentication and Universal Second Factor

Today, when you signed into your favorite website or app, you were probably asked to sign in using a username or email, and password. The password you entered is considered a single-factor authentication. One factor, your password, proved to the website that you are allowed to access the account.

Two-Factor Authentication, commonly referred to as 2FA, is a feature that adds an additional “factor” to your normal login procedure to verify your identity. 2FA adds an extra layer of security by verifying your identity using two of three possible identifiers: something you know (your password, PIN number, zip code, etc.) something you are (via facial recognition, your fingerprints, retina scans, etc.), or something you have (a smartcard, your smartphone, etc.).

All 2FA systems work somewhat differently. Some 2FA programs may prompt you to enter a one-time numeric code from a text message (SMS) after entering your username and password. Authenticator smartphone apps are also a popular 2FA option. These apps generate a login code locally on your smartphone or tablet, which typically expire in 30 or 60 seconds. Dashlane currently supports Google Authenticator, FreeOTP, and Authy on iOS and Android devices. You can visit our help center for more information on how to enable these Authenticator apps in Dashlane.

Universal Two-Factor Authentication, commonly referred to as U2F, is an advanced and open standard for two-factor authentication pioneered by Yubico and Google. Because it is an open standard, if I make a key according to the U2F technical specification – like a YubiKey – it will be accepted at all the places that accept U2F as a method of authentication, with no new drivers or client software required! The U2F specifications are maintained and advanced by the FIDO Alliance, a non-profit association dedicated to advancing the security and convenience of online authentication.

Lesson 2: How Dashlane and YubiKeys Keep Your Passwords Secure with a Touch of a Button

Dashlane, YubiKey, and Two-Factor Authentication, with U2F Support

For many users currently using 2FA to secure their passwords and account information, picking up your smartphone, opening your Authenticator app, and entering that code in a different app before the 30 seconds expires is time-consuming, error-prone, quite frankly, it can become a major inconvenience!

YubiKeys are the leading multi-factor authentication device on the market and can authenticate your identity with a simple touch of a button! They’re lightweight, waterproof, require no batteries, and can be easily attached to your keychain.

YubiKeys also do not store any of your personal information! That means you don’t have to worry about your account being compromised if you happen to lose your key.

When a U2F-enabled YubiKey is paired with your Dashlane Premium account, you’ll have physical control of your passwords and digital identity!

– It’s easy to use! – You can use your YubiKey right out of the box, allowing you to have instant authentication to a number of services, with no codes to re-type, and no drivers to install.

– You’ll have peace of mind – Dashlane’s and YubiKey’s support of 2FA, along with native in-browser support protects you against phishing, session hijacking, malware, and other attack methods that may attempt to breach your accounts.

– Guaranteed privacy – Dashlane paired with YubiKey allows you to choose, own, and control your secure online identity, including anonymous profiles! A YubiKey device generates a new pair of keys for every service, and the public key is only stored on the specific service to which it connects. With this approach, no secrets are shared among service providers.

Lesson 3: How to Set Up Dashlane with U2F and YubiKeys

Already have a U2F-enabled YubiKey? Perfect. Setting up your Dashlane Premium account with your YubiKey is easy. With 2FA enabled on your Dashlane account, you will now be able to log into Dashlane using a U2F YubiKey without the hassle of opening an Authenticator app. Simply, enter your Master Password, insert your YubiKey and touch the button, and you’re done!

This short video below will show you how to set up your U2F-enabled YubiKey with Dashlane.

For detailed step-by-step instructions on how to enable 2FA and U2F YubiKeys with your Dashlane account, please visit this Help Center article.

Lesson 4: Why Dashlane + YubiKey are Perfect for Small Businesses and Enterprises

This is also great news for your business or enterprise. With Dashlane for Business and U2F-enabled YubiKeys, you’ll add an additional layer of security over your company’s important data, and give employees physical control over their password security!

– Maximize your password security – For enterprises currently using a One-Time Password (OTP) authentication method, Dashlane combined with U2F YubiKeys gives your company an innovative solution to block modern hacker techniques and cyber attacks.

– Increase company-wide productivity – Save valuable time and IT resources wasted on resetting forgotten passwords, and hunting down 2FA security codes via email or text messages.

– Manage teams and personnel effectively – With Dashlane for Business, team administrators will have the ability to quickly on/off-board employees, measure overall security of your employee’s password habits, and ensure a consistent, effective security policy. YubiKeys also make it simple for team administrators to control, restrict, and remove access to passwords.

– Teams and sharing done right – With Dashlane for Business and U2F-enabled YubiKeys, you’ll effectively eliminate the persistent problem of employee password sharing and reuse! You’ll maintain password integrity across teams and on multiple devices, and ensure access to passwords and notes with our Emergency Contacts feature if an employee is unavailable.

Lesson 5: Where to Purchase your own U2F YubiKeys

Get Dashlane for Business and YubiKeys for your team today with our exclusive enterprise bundle. Visit go.dashlane.com/yubico to learn more.

Individuals and families looking to purchase a U2F-compatible YubiKey can do so directly on Amazon.com

I hope this guide answers many of your questions about our exciting new partnership with Yubico, but please don’t hesitate to ask me more questions in the comments below.

We’re excited to provide you with the power of Dashlane, the convenience of YubiKey, and the security of U2F to protect your online identity unlike ever before and we can’t wait for you to try it!

    Malaika Nicholas

    Content & Community Manager at Dashlane

    Read More