Hideez Key 1-2
  • Initial page
  • General
    • Principles of operation
    • Purpose of Hideez Key
    • System Requirements
  • VIDEO GUIDES
  • Windows
    • Installation file for Windows
    • First Setup
  • FAQ
    • What is Hideez Key's manufacturer warranty?
    • Supported browsers and applications
    • How to use Hideez Key for two-factor authentication
    • How long does the Hideez Key work before the battery needs to be changed?
    • Can I use the Hideez Key if my PC does not have Bluetooth 4.0 adapter?
    • What should I do if my Hideez Key was stolen/lost?
    • How many RFID keys can be written to one Hideez Key device?
    • Where are my passwords physically stored?
    • How can I clean my Hideez Key if I want to give it to someone else?
    • Can I make a backup copy of the data from the Hideez Key?
    • How to import passwords from a CSV file?
    • What physical conditions are dangerous for the Hideez Key?
    • Setting hotkeys
    • Is the Hideez Key allowed on planes?
  • Troubleshooting
    • Removal of bonds (information about previous connections) in the engineering menu
    • Updating the firmware from bootloader mode
    • How to change the battery?
    • How to take logs from Hideez Safe application (only for Windows)
    • Bluetooth error
  • Documentation Portal (home)
Powered by GitBook
On this page

Was this helpful?

  1. FAQ

How to use Hideez Key for two-factor authentication

FAQ — Question 3

PreviousSupported browsers and applicationsNextHow long does the Hideez Key work before the battery needs to be changed?

Last updated 4 years ago

Was this helpful?

Hideez Key supports one-time passwords (time-based one-time password, TOTP) according to RFC 6238 standard.

The main idea of using one-time passwords is that there is a shared secret known only by two devices (a private key). Using encryption, one of the devices generates a short (e.g., six-digit) one-time password based on this key. This password is sent to the second device to be checked. The second device uses the same algorithm. It generates the same secret key, creates a one-time password and compares it with the password received from the first device. If the passwords are the same - access will be granted.

One-time passwords are so called because of their generation algorithm. In addition to the private key, the one-time password counter is also used here. Each time the password will differ from the previous one. The counters on both sides must be synchronized: if at least one password is missed, they will not be the same and the algorithm will be broken. Another convenient option for one-time password generation can be synchronization by time. In this case, the generation algorithm does not use the counter, but the current time. With time synchronization between the devices, you always get the same passwords on both sides. According to RFC 6238 standards, the time is rounded up to the nearest 30 seconds: for example, every 30 seconds your one-time password will change.

Hideez Key uses the second option: synchronization by time. Time synchronization between the key fob and the computer/smartphone occurs when a connection is established between them. In order to work properly, you need to set the correct time on your PC, otherwise, it will not coincide with the time on the server that checks the OTP and the passwords will not match.

You can add the OTP secret key to any account in the password manager window.

The following information shows how to use Hideez Key for Google two-factor authentication (TWA).

  1. Go to your account security settings https://accounts.google.com/b/0/SmsAuthConfig

  2. Turn on TWA for your account (corporate clients may need corporate admin confirmation).

  3. Google may ask for your mobile number. Input it and put in the special code received from Google via SMS.

  4. Choose “Get codes via our mobile app instead”, and check “Android”. In the “Set up Google Authenticator” dialog click on the link “Can't scan the barcode?” and find the 32-symbol secret key shown in the form of text.

  5. Copy the secret key into the clipboard.

  6. Open your Password manager entry, click “Enter secret OTP key”, paste the copied data and save the changes.

  7. After that, open the browser and click OK to complete the settings. Google will immediately ask you to enter a one-time password to be sure that you have configured everything properly. Press the key combination to enter the OTP (the default is Control + Alt + O). A one-time password will be created in the key fob and will be entered in the input field. Before it checks the OTP, the secret key will not be applied and the two-factor authentication will be turned off. See video of Google 2FA settings with Hideez Key for on the .

Note: Each new secret code generation on the Google web-service makes the previous code invalid, so you need to install the private key on all the devices simultaneously, e.g. Hideez Key and Google Authenticator on your smartphone.

Windows
channel