How to Set Up Two-Factor Authentication Using a Security Key¶
Two-factor authentication refers to the security practice of requiring two different types of verification to prove your identity. When you activate two-factor authentication on your Gandi account you will provide both your regular password and an additional code generated either from an app–usually on your mobile device (TOTP), or from a USB device you plug into your computer (U2F).
This page focuses on security keys. You can read more about TOTP here.
You can activate both security keys and TOTP at the same time to have the option of using either method. We recommend using both so that you can log in using a TOTP code if your security device is broken or lost. When you log in you will be asked for your security key first. If you don’t have your security key available you will then be asked to provide a TOTP code. You will only need to provide one of the authentication methods to enter your account.
You can also see if members of your team have activated two-factor identification by :ref:`looking at your sharing settings<manage_sharing>`_.
“Security key” refers to a collection of physical devices which you connect to your computer to act as a secondary authentication of identity on an account. To use a security key you need to have purchased a physical device which you will then need to have with you every time you log in to your Gandi account. You will plug the key into your computer to verify your identity each time you log in to Gandi.
Gandi supports both U2F and WebAuthn compliant software devices. This includes, but is not limited to FIDO U2F security keys (such as Yubico keys), Ledger and other security wallets, and Apple Touch ID.
In order to use a security key the browser you use must support the appropriate software for the key you have purchased. Please check with your security key manufacturer to make sure that you are using a browser that supports your device. If you are using Apple Touch ID on a laptop, make sure that you have activated Touch ID and provided a fingerprint before attempting to add it to your account.
If you are using a device which uses the WebAuthn standard, you can visit this page to make sure your broswer supports it.
Some customers have reported problems activating their security key using the Safari web browser. If you encounter problems, we recommend trying again using a different browser.
Activate your security key for your Gandi account by following these steps:
Own or have permanent access to a hardware security device and verify that you have done any necessary set-up.
Log in to your Gandi account.
In the top right corner of the page click the arrow next to your username.
Click “User Settings”.
Click “Change password & configure access restrictions”.
Click “Manage your security key authentication”.
Carefully read the instructions, then click “Add a new key” when you are ready.
Provide a name for your key then click “Continue”.
Plug in your security key. Or, if using Apple Touch ID select it when prompted by your browser.
If the security key has a button press it.
You may see a dialog box asking you to give permission to interact with the key. If you see this box, confirm it.
The key should now appear in the list of installed keys on the page for your use next time you log in to your account.