U2F (Universal 2nd Factor)

﻿
Flipper Zero can act as a USB universal 2nd-factor (U2F) authentication token or security key that can be used as the second authentication factor when signing in to web accounts. A security key is a small device that helps computers verify that it is you when signing in to an account. The use of this feature increases the security of your accounts.
To learn more about websites that support two-factor authentication, visit the USB-Dongle Authentication website.
<div class="warning flipper-callout">
    <div class="callout-header">For security-sensitive websites, use certified U2F security keys</div>
    Flipper Zero U2F function is only implemented in software. For financial services and other security-sensitive websites, we recommend using hardware-backed certified U2F devices.
</div>
<div class="warning flipper-callout">
    <div class="callout-header">For security-sensitive websites, use certified U2F security keys</div>
    Flipper Zero U2F function is only implemented in software. For financial services and other security-sensitive websites, we recommend using hardware-backed certified U2F devices.
</div>
﻿
﻿
Setting up your Flipper Zero as a security key
Before using the U2F feature, you need to register your Flipper Zero as a security key for two-factor authentication of a user on your web accounts.
To add the device as a security key to your account, do the following:
1
If the qFlipper application is running on your computer, close the application.
2
Connect your Flipper Zero to the computer via a USB cable.
3
On Flipper Zero, go to Main Menu -> U2F and make sure that "Connected" is displayed on the screen.
4
In your web account, activate the two-factor authentication of a user by following the website's instructions. Websites such as Google, Twitter, Facebook, GitHub, and others have different procedures for adding security keys.
5
Choose a security key as the 2nd verification step.
6
On Flipper Zero, press %ok%OK to confirm the registration of Flipper Zero as a security key.
Register as a security key
﻿
<div class="warning flipper-callout">
    <div class="callout-header">Do not delete, edit, or move U2F files to another Flipper Zero</div>
    Each Flipper Zero has a unique cryptographic key that generates unique encrypted U2F files. If you reinsert your microSD card with U2F files into another Flipper Zero, you will not be able to sign in to your web accounts with the new device.
<br>
<br>
    If you delete U2F files, edit U2F files, or insert a new microSD card into your Flipper Zero, the device will generate a new set of U2F files. In this case, you will be required to re-register Flipper Zero as a security key in all of your web accounts.
 <br>
 <br>
    If you delete the <code>u2f/assets</code> folder or the <code>u2f</code> folder entirely, your Flipper Zero won’t be able to use the U2F application, as the assets folder contains the cryptographic certificate that is used for registration and authentication. You can restore this folder by updating your Flipper Zero’s firmware.     
</div>
<div class="warning flipper-callout">
    <div class="callout-header">Do not delete, edit, or move U2F files to another Flipper Zero</div>
    Each Flipper Zero has a unique cryptographic key that generates unique encrypted U2F files. If you reinsert your microSD card with U2F files into another Flipper Zero, you will not be able to sign in to your web accounts with the new device.
<br>
<br>
    If you delete U2F files, edit U2F files, or insert a new microSD card into your Flipper Zero, the device will generate a new set of U2F files. In this case, you will be required to re-register Flipper Zero as a security key in all of your web accounts.
 <br>
 <br>
    If you delete the <code>u2f/assets</code> folder or the <code>u2f</code> folder entirely, your Flipper Zero won’t be able to use the U2F application, as the assets folder contains the cryptographic certificate that is used for registration and authentication. You can restore this folder by updating your Flipper Zero’s firmware.     
</div>
﻿
﻿
Signing in with your Flipper Zero
Once you've added your Flipper Zero to your account as a security key, you can use the device as the 2nd factor.
To sign in to your account with Flipper Zero, do the following:
1
If the qFlipper application is running on your computer, close the application.
2
Connect your Flipper Zero to your computer via a USB cable.
3
On your Flipper Zero, go to Main Menu -> U2F and make sure that "Connected" is displayed on the screen.
4
While signing in your web account, complete the 1st verification step in your account by entering the password.
5
Once the request for the security key is displayed, on Flipper Zero, press %ok%OK to confirm that it is you.
An example of Google's 2nd step verification message
﻿
﻿
﻿U2F application source code﻿
﻿
Updated 11 Sep 2023
Did this page help you?
TABLE OF CONTENTS
Setting up your Flipper Zero as a security key
Signing in with your Flipper Zero