U2F (Universal 2nd Factor)

﻿
Flipper Zero can act as a USB universal 2nd-factor (U2F) authentication token or security key that can be used as the second authentication factor when signing in to web accounts. A security key is a small device that helps computers verify that it is you when signing in to an account. The use of this feature increases the security of your accounts.
<div class="warning flipper-callout">
    <div class="callout-header">Insert a microSD card to use the U2F app</div>
    Before using the U2F app, make sure to update your Flipper Zero firmware with a microSD card inserted since Flipper Zero stores databases on a microSD card. For more information about the update process, visit the <a href="https://docs.flipperzero.one/basics/firmware-update" onclick="next.router.push('https://docs.flipperzero.one/basics/firmware-update')"><u>Firmware update</u> page.
</div>
<div class="warning flipper-callout">
    <div class="callout-header">Insert a microSD card to use the U2F app</div>
    Before using the U2F app, make sure to update your Flipper Zero firmware with a microSD card inserted since Flipper Zero stores databases on a microSD card. For more information about the update process, visit the <a href="https://docs.flipperzero.one/basics/firmware-update" onclick="next.router.push('https://docs.flipperzero.one/basics/firmware-update')"><u>Firmware update</u> page.
</div>
﻿
To learn more about websites that support two-factor authentication, visit the USB-Dongle Authentication website.
On this page, you’ll learn how to turn your Flipper Zero into a security key and use the device as the second authentication factor.
﻿
Setting up your Flipper Zero as a security key
<div class="warning flipper-callout">
    <div class="callout-header">For security-sensitive websites, use certified U2F security keys</div>
    Flipper Zero U2F function is only implemented in software. For financial services and other security-sensitive websites, we recommend using hardware-backed certified U2F devices.
</div>
<div class="warning flipper-callout">
    <div class="callout-header">For security-sensitive websites, use certified U2F security keys</div>
    Flipper Zero U2F function is only implemented in software. For financial services and other security-sensitive websites, we recommend using hardware-backed certified U2F devices.
</div>
﻿
Before using the U2F feature, you need to register your Flipper Zero as a security key for two-factor authentication of a user on your web accounts.
To add the device as a security key to your account, do the following:
1
If the qFlipper application is running on your computer, close the application.
2
Connect your Flipper Zero to the computer via a USB cable.
3
On your Flipper Zero, go to Main Menu -> U2F and make sure that Connected is displayed on the screen.
4
In your web account, activate the two-factor authentication of a user by following the website’s instructions. Websites such as Google, X, Facebook, GitHub, and others have different procedures for adding security keys.
5
Choose a security key as the 2nd verification step.
6
On your Flipper Zero, press %ok%OK to confirm the registration of Flipper Zero as a security key.
Register as a security key
﻿
<div class="warning flipper-callout">
    <div class="callout-header">Do not delete, edit, or move U2F files to another Flipper Zero</div>
    Each Flipper Zero has a unique cryptographic key that generates unique encrypted U2F files. If you reinsert your microSD card with U2F files into another Flipper Zero, you’ll not be able to sign in to your web accounts with the new device.
<br>
<br>
    If you delete U2F files, edit U2F files, or insert a new microSD card into your Flipper Zero, the device will generate a new set of U2F files. In this case, you’ll be required to re-register Flipper Zero as a security key in all of your web accounts.
 <br>
 <br>
    If you delete the <code>u2f/assets</code> folder or the <code>u2f</code> folder entirely, your Flipper Zero will not be able to use the U2F application, as the assets folder contains the cryptographic certificate that is used for registration and authentication. You can restore this folder by updating your Flipper Zero’s firmware.     
</div>
<div class="warning flipper-callout">
    <div class="callout-header">Do not delete, edit, or move U2F files to another Flipper Zero</div>
    Each Flipper Zero has a unique cryptographic key that generates unique encrypted U2F files. If you reinsert your microSD card with U2F files into another Flipper Zero, you’ll not be able to sign in to your web accounts with the new device.
<br>
<br>
    If you delete U2F files, edit U2F files, or insert a new microSD card into your Flipper Zero, the device will generate a new set of U2F files. In this case, you’ll be required to re-register Flipper Zero as a security key in all of your web accounts.
 <br>
 <br>
    If you delete the <code>u2f/assets</code> folder or the <code>u2f</code> folder entirely, your Flipper Zero will not be able to use the U2F application, as the assets folder contains the cryptographic certificate that is used for registration and authentication. You can restore this folder by updating your Flipper Zero’s firmware.     
</div>
﻿
﻿
Signing in with your Flipper Zero
Once you’ve added your Flipper Zero to your account as a security key, you can use the device as the 2nd factor.
To sign in to your account with Flipper Zero, do the following:
1
If the qFlipper application is running on your computer, close the application.
2
Connect your Flipper Zero to your computer via a USB cable.
3
On your Flipper Zero, go to Main Menu -> U2F and make sure that Connected is displayed on the screen.
4
While signing in to your web account, complete the 1st verification step in your account by entering the password.
5
Once you get the request for the security key, press %ok%OK on your Flipper Zero to confirm that it is you.
An example of Google verification 2nd step message
﻿
﻿
﻿U2F application source code﻿
﻿
Updated 25 Oct 2024
Did this page help you?
Bad USB
Apps