Using a Yubikey Neo as a security key in Chrome for two factor auth

Setting up the Yubikey Neo takes a couple of additional steps before you can use it with Chrome two factor. Let's walk through the steps.


I’m a fan of two factor authentication as a means to offer better security. Lots of services and sites now support the technique and more are adding the functionality every day. For a full list, see twofactorauth.org.

Recently, Google Security noted in a blog post that they have added support for security keys. The implementation uses the Universal 2nd Factor (U2F) protocol from the FIDO Alliance.

While U2F currently only works in Chrome, there is a tracking ticket on Mozilla's Bugzilla (Bug 1065729 - Implement the FIDO Alliance u2f javascript API).

Making it work with a Yubikey Neo

I picked up a Yubikey Neo for a couple reasons. One, I wanted to scope out the work in Chrome and Google Accounts. Two, I have some NFC things I’d like to use it for later in November.

However, you can’t just use the Neo out of the package. A few steps to make it work:

  1. Download and install the Neo Manager application for your respective platform: https://developers.yubico.com/yubikey-neo-manager/Releases/

  2. After installing, insert the Neo and verify the version. You need a version 3.3 Neo device to use U2F; earlier versions of the Neo won’t work and cannot be upgraded.

Neo Manager app showing status
  3. Change the connection mode to U2F (you can’t use OTP and U2F at the same time).

  4. Verify the mode again and then head over to https://security.google.com/settings/security/securitykey/list?pli=1

  5. Click add and walk through the steps and you should have U2F rolling! See screenshot below.

Security key setup for Google Account

Since the $50 price tag for the Neo might put some folks off, there is a specific Yubico key preset to U2F only for $18 (see FIDO U2F Security Key @ Amazon). I have not tried this key but it is specifically linked in the Google Support documents.