U2F stands for Universal Second Factor, an open authentication universal standard for tokens. A security token is a physical device used to gain access to the restricted resource. Tokens automatically transmit the authentication information to the computer once a physical connection is made.
U2F is a hardware-based authentication, where a single token can have keys for many different sites and apps, so there’s no need for an individual to have multiple tokens.
With U2F, the login is secured by the device, so nothing is cached and the token can be carried around once the user logs out. That is, when you first add the key to your account, your key generates a random number. It uses a secure hash function to mix this with the domain of the website you are on (e.g. namecheap.com) and a private key (which never leaves the device), to generate a unique private key for your account. From this unique private key, the device works out a public key and a secure checksum (sequence of numbers and letters), which it sends to the server along with the random number.
The use of private-public key cryptography makes the U2F method not vulnerable to phishing attacks, and protects against session hijacking, man-in-the-middle, and malware attacks.
U2F overcomes many of the security flaws of other methods, which makes it one of the most secure and easy-to-use methods available today.
Where is it supported?
How to use U2F
U2F Management
Adding a new device
Backup Codes
Log in with U2F
Where is it supported?
Google Chrome, Mozilla Firefox, and Edge are the browsers that currently support U2F on Windows, Mac, and Linux.
U2F also works with the Google Chrome browser on Android, assuming you have a USB key with NFC support built in.
As for Apple devices and the Safari browser, it's possible to register a U2F key with iOS 14 and the latest version of Safari (starting from v.13.3).
How to use U2F
To get started, you’ll need just a few things:
- A U2F security key. You can use any U2F key for 2FA, like YubiKey authentication token. NB: If you want to use it with an Android device, make sure to purchase the security key with NFC.
- Google Chrome, Mozilla Firefox, or Edge browser. NB: If you want to use Safari, make sure you have the latest version installed. It's also preferable to have an iOS version starting from 14 for iPhones.
To configure U2F, you should link your U2F key to your Namecheap account. It is possible to connect as many keys as you’d like to your Namecheap account and use any of them to verify your second step.
To start using the U2F 2FA method in your Namecheap account, go to Profile >> Security >> Access >> Two-Factor Authentication page and click Enable:
Enter your Namecheap password and confirm the change by clicking Continue:
PLEASE NOTE: If you already have any of the 2FA methods enabled (SMS, OneTouch or TOTP), the pop-up window with a request to confirm the authentication method change will appear:
On the next page, you will receive the set of backup codes that can help you to recover access to your Namecheap account if you lose your device/s or cannot use them for some reason. You need to either print or copy the backup codes somewhere. Once you have done this, click Next:
A few things to keep in mind:
- If you change the 2FA method from TOTP to U2F, the same backup codes that were created for the TOTP 2FA method will be kept for U2F as well. You can regenerate them during U2F method setup if you wish.
- The Backup Codes are activated only if the U2F setup process is fully completed.
- After one of the backup codes is used to sign in, it becomes inactive.
- You can generate a new set of backup codes whenever you want. After creating a new set, the old set will automatically become inactive.
- We recommend that you store your backup codes in a safe place, eg: in a password manager.
On the next page, enter a name for your U2F key and click Register:
Insert your U2F security key into your computer’s USB port within 30 seconds and press the button on it when prompted:
If something goes wrong or you do not insert the key within 30 seconds, you will receive an error message. If this happens, try the process again:
Once the device is successfully registered, the corresponding pop-up window will appear:
The next time you log into your Namecheap account, you’ll be prompted to insert your U2F security key.
U2F Management
Adding a new device
If you would like to link several U2F keys to your Namecheap account, click Add device in the Device Authentication (U2F) section:
The process is the same as for the first device: you will need to enter your Namecheap password first and the name of the device after that:
Finish the new device registration by clicking Register and inserting the U2F key into the USB port. In case of successful registration, the new device will appear above any previously added ones:
Backup Codes
In the Backup Codes section, you can check your available, and used, backup codes by clicking Show Backup Codes (you will need to confirm this action by entering your password associated with your Namecheap account):
If you somehow misplaced your backup codes, whether they were lost, stolen, or ran out, you can retrieve them on your settings page: Profile >> Security >> Access >> Two-Factor Authentication. In the Backup Codes section, click on the drop-down and choose Regenerate Backup Codes:
When the following window appears, confirm your action by clicking Regenerate:
After your Namecheap password is confirmed, you will receive a new set of backup codes that will invalidate the previous ones. Make sure to save your new backup codes in a safe place or print them out.
Log in with U2F
On the login page, enter your Namecheap username and password (your normal identity source login credentials). After your username and password are verified, you will be prompted to insert the U2F key into your computer’s USB port to authorize the login:
If you do not have access to the U2F key or it does not work for some reason, you can click Enter a Backup Code to log in using one of your backup codes:
The previously-used backup codes will be then grayed out in your Namecheap account when checking the Show Backup Codes section.
In case a device is successfully verified, you will get a corresponding message and then redirected to the Namecheap Dashboard:
If you have any questions, feel free to contact our 24/7 Customer Support Team.
