Security Key
Usernames and passwords are the first line of defense for your online accounts. However, against brute-force attacks, data breaches, sophisticated phishing, and now AI-based automated attacks, they are often far from sufficient.
In response to modern cyber threats, many online companies and services have implemented two-factor or multi-factor authentication (2FA/MFA) and passwordless authentication, which make it more difficult to compromise an account.
However, if you need to go further, a security key is your best bet.
This is the one I have had for years...
Amazon.com's standard Two-Step Verification (also called 2SV or MFA) primarily supports:
- Text message (SMS) to a phone number
- An authenticator app (like Google Authenticator or Authy) for time-based one-time passwords (TOTP)
It does not natively support hardware security keys like YubiKey in U2F/FIDO2 "tap-to-authenticate" mode for regular consumer accounts (unlike AWS, Google, or Microsoft).
You have two main options:
Best/recommended: Use a YubiKey with an authenticator app (TOTP mode). The authenticator app can also be set to require the key, which is a little overkill at this point.
#### Steps:
1. Log in to PayPal on a desktop web browser (Chrome, Edge, Firefox, or Safari recommended). Do this on a computer for best YubiKey support — the mobile app has limited options.
2. Click the gear icon (Settings) in the top right, next to "Log out."
3. Click Security near the top of the page.
4. Next to 2-step verification, click **Set Up** (or **Update** / **Manage** if already enabled).
5. If you don't have any 2-step method yet, you'll be prompted to add one first (you can start with an authenticator app or SMS temporarily).
Once you have at least one method set up, look for **Add a device** or **Add backup method** / **Add another way to verify**.
6. Select **Use a security key** (or **Security key device** / **FIDO security key**).
7. Insert your **YubiKey** into a USB port (or use NFC on supported phones/keys).
NOTE: PayPal is a PITA to set up and needs an authenticator app. Install it on your phone. Once you have BOTH the authenticator app AND the security key set up, only THEN can you choose the primary method for login by selecting **Set As Primary**.
### Prerequisites
- A compatible **hardware security key** that supports FIDO U2F or FIDO2 (most modern ones like YubiKey 5 series, Google Titan, etc., work).
- A computer with a compatible browser (Chrome, Firefox, Edge, or Safari 13+ recommended).
- Your Google account should already have a **phone number** or another backup 2FA method set up for recovery.
### Step-by-Step Instructions
1. **Sign in to your Google Account**
Go to [myaccount.google.com](https://myaccount.google.com) and sign in with the account you want to secure.
2. **Go to Security settings**
In the left sidebar, click **Security & sign-in**.
3. **Access 2-Step Verification**
Under the "How you sign in to Google" section, click **2-Step Verification**.
- If it's not already turned on, follow the prompts to **enable 2-Step Verification** first (you'll need a backup method like a phone).
- Enter your password again if prompted.
4. **Add your security key**
Scroll down to the "Second steps" or "Add more second steps" section.
Click **Add security key** (or "Security key" / "Use a security key").
- Google may prompt you to name or register it.
- When instructed, **insert your security key** into a USB port (or tap it if it's NFC).
- **Touch the key** when it lights up or prompts you (usually on the gold contact or logo).
- Confirm and give the key a name (e.g., "My YubiKey").
5. **Test it**
Sign out of your Google account and try signing back in. You should now be prompted to insert and touch your security key.
I've moved virtually all of my banking over to PayPal.
What I really like is that PayPal offers Security Key 2FA, which neither my Capital One checking account nor my credit union currently supports. Even my direct deposits now go straight there.
I know it's not FDIC insured, but I'm totally fine with that — I never keep more than one paycheck in the account anyway.