Comment on page
How to use Hideez Key for two-factor authentication
FAQ — Question 3
Hideez Key supports one-time passwords (time-based one-time password, TOTP) according to RFC 6238 standard.
The main idea of using one-time passwords is that there is a shared secret known only by two devices (a private key). Using encryption, one of the devices generates a short (e.g., six-digit) one-time password based on this key. This password is sent to the second device to be checked. The second device uses the same algorithm. It generates the same secret key, creates a one-time password and compares it with the password received from the first device. If the passwords are the same - access will be granted.
One-time passwords are so called because of their generation algorithm. In addition to the private key, the one-time password counter is also used here. Each time the password will differ from the previous one. The counters on both sides must be synchronized: if at least one password is missed, they will not be the same and the algorithm will be broken. Another convenient option for one-time password generation can be synchronization by time. In this case, the generation algorithm does not use the counter, but the current time. With time synchronization between the devices, you always get the same passwords on both sides. According to RFC 6238 standards, the time is rounded up to the nearest 30 seconds: for example, every 30 seconds your one-time password will change.
Hideez Key uses the second option: synchronization by time. Time synchronization between the key fob and the computer/smartphone occurs when a connection is established between them. In order to work properly, you need to set the correct time on your PC, otherwise, it will not coincide with the time on the server that checks the OTP and the passwords will not match.
You can add the OTP secret key to any account in the password manager window.
The following information shows how to use Hideez Key for Google two-factor authentication (TWA).
- 1.Go to your account security settings https://accounts.google.com/b/0/SmsAuthConfig
- 2.Turn on TWA for your account (corporate clients may need corporate admin confirmation).
- 3.Google may ask for your mobile number. Input it and put in the special code received from Google via SMS.
- 4.Choose “Get codes via our mobile app instead”, and check “Android”. In the “Set up Google Authenticator” dialog click on the link “Can't scan the barcode?” and find the 32-symbol secret key shown in the form of text.
- 5.Copy the secret key into the clipboard.
- 6.Open your Password manager entry, click “Enter secret OTP key”, paste the copied data and save the changes.
- 7.After that, open the browser and click OK to complete the settings. Google will immediately ask you to enter a one-time password to be sure that you have configured everything properly. Press the key combination to enter the OTP (the default is Control + Alt + O). A one-time password will be created in the key fob and will be entered in the input field. Before it checks the OTP, the secret key will not be applied and the two-factor authentication will be turned off. See video of Google 2FA settings with Hideez Key for Windows on the channel.
Note: Each new secret code generation on the Google web-service makes the previous code invalid, so you need to install the private key on all the devices simultaneously, e.g. Hideez Key and Google Authenticator on your smartphone.