How to Set Up Two-Factor Authentication Using a Security Key

Two-factor authentication refers to the security practice of requiring two different types of verification to prove your identity. When you activate two-factor authentication on your Gandi account you will provide both your regular password and an additional code generated either from an app–usually on your mobile device (TOTP), or from a USB device you plug into your computer (U2F).

This page focuses on security keys. You can read more about TOTP here.

You can activate both security keys and TOTP at the same time to have the option of using either method. We recommend using both so that you can log in using a TOTP code if your security device is broken or lost. When you log in you will be asked for your security key first. If you don’t have your security key available you will then be asked to provide a TOTP code. You will only need to provide one of the authentication methods to enter your account.

You can also see if members of your team have activated two-factor identification by looking at your sharing settings.

How Security Keys Work

“Security key” refers to a collection of physical devices which you connect to your computer to act as a secondary authentication of identity on an account. To use a security key you need to have purchased a physical device which you will then need to have with you every time you log in to your Gandi account. You will plug the key into your computer to verify your identity each time you log in to Gandi.

Gandi supports both U2F and WebAuthn compliant software devices. This includes, but is not limited to FIDO U2F security keys (such as Yubico keys), Ledger and other security wallets, and Apple Touch ID.

Activating Your Security Key

In order to use a security key the browser you use must support the appropriate software for the key you have purchased. Please check with your security key manufacturer to make sure that you are using a browser that supports your device. If you are using Apple Touch ID on a laptop, make sure that you have activated Touch ID and provided a fingerprint before attempting to add it to your account.

If you are using a device which uses the WebAuthn standard, you can visit this page to make sure your broswer supports it.


Some customers have reported problems activating their security key using the Safari web browser. If you encounter problems, we recommend trying again using a different browser.

Activate your security key for your Gandi account by following these steps:

  1. Own or have permanent access to a hardware security device and verify that you have done any necessary set-up.

  2. Log in to your Gandi account.

  3. In the top right corner of the page click the arrow next to your username.

  4. Click “User Settings”.

  5. Click “Password & access restrictions”.

  6. In the “Multi-factor authentication” section click on “Add key”. If you have already added a security key as a recovery option you can click the plus icon for that security key to also use it as an MFA device. If you have no keys currently added click “Add a new key”.

  7. Provide a name for your new key. You can also check the option “Use this security key as a recovery option” to also use the security key as a recovery option. The option “Use this security key every time I log in.” will be checked automatically.

  8. Click “Continue” and follow the directions to complete the process.

The key should now appear in the list of installed keys on the page for your use next time you log in to your account. You can delete a key by clicking on the red trash icon next to the key. This will only remove the key as an MFA device. To remove it as a recovery option you should also remove it in the Recovery options section.

Blocked Account

If you have lost access to your security key and are locked out of your account, please contact our support team. You will then need to send them a copy of this form to regain access to your account.