U2F stands for Universal Second Factor, an open authentication standard for security tokens. A security token is a physical device or technology (e.g. biometric authentication) used to gain access to a restricted resource. Tokens automatically transmit the authentication information to the computer once a physical connection is made.
With U2F, a single token can hold keys for multiple sites and apps, eliminating the need for multiple tokens. The login process is secured by the device itself, ensuring that nothing is cached, and the token can be carried around after logout. When you first add the key to your account, the key generates a random number. It then uses a secure hash function to mix this number with the domain of the website you are on (e.g. namecheap.com) and a private key that never leaves the device, which produces a unique private key for your account. From this unique private key, the device works out a public key and a secure checksum (a sequence of numbers and letters), which it sends to the server along with the random number.
The use of private-public key cryptography makes the U2F method not vulnerable to phishing attacks, and protects against session hijacking, man-in-the-middle, and malware attacks. To pass 2FA, users must validate their identity using either a physical device or biometric authentication (FIDO2/WebAuthn).
U2F overcomes many of the security flaws of other methods, which makes it one of the most secure and easy-to-use methods available today.
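The derivation described above can be modelled in a few lines. This is an added example, not Namecheap's or any token vendor's code: HMAC-SHA256, the labels, the input encoding and the function names are assumptions, and the public-key step is left out because it needs elliptic-curve arithmetic. It also goes one step past registration to show the login-time check, where the token recomputes the checksum and refuses values replayed under a different domain.

```python
import hashlib
import hmac
import secrets


def _mac(device_secret, label, *parts):
    """HMAC-SHA256 keyed with the device secret; parts are length-prefixed."""
    h = hmac.new(device_secret, label, hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def register(device_secret, domain):
    """Registration: return (nonce, checksum), the values the server stores."""
    nonce = secrets.token_bytes(32)  # fresh random number per account
    site_key = _mac(device_secret, b"key", domain.encode(), nonce)
    checksum = _mac(device_secret, b"checksum", domain.encode(), site_key)
    return nonce, checksum


def recover_site_key(device_secret, domain, nonce, checksum):
    """Login: re-derive the per-site key, or None if the checksum fails."""
    # In a browser, the domain is supplied by the browser, not by the page.
    site_key = _mac(device_secret, b"key", domain.encode(), nonce)
    expected = _mac(device_secret, b"checksum", domain.encode(), site_key)
    if not hmac.compare_digest(expected, checksum):
        return None  # wrong domain, wrong token, or tampered values
    return site_key


def demo():
    """Register on the real domain, then present the same values elsewhere."""
    token = secrets.token_bytes(32)  # constructed device secret
    nonce, checksum = register(token, "namecheap.com")
    other = secrets.token_bytes(32)  # a different, constructed token
    fake = "namecheap.com.example"   # constructed look-alike domain
    return {
        "real site": recover_site_key(token, "namecheap.com", nonce, checksum) is not None,
        "look-alike site": recover_site_key(token, fake, nonce, checksum) is not None,
        "other token": recover_site_key(other, "namecheap.com", nonce, checksum) is not None,
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'key recovered' if accepted else 'refused'}")
```

Because the token keeps only its one device secret and rebuilds each site key from the stored random number, the number of accounts it can serve is not limited by its storage.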
Where is it supported?
Namecheap supports all available U2F options (hardware, biometrics, password managers, Windows Hello, etc.).
Google Chrome, Mozilla Firefox, and Edge are the browsers that currently support U2F on Windows, Mac, and Linux.
U2F also works with the Google Chrome browser on Android, assuming you have a USB key with NFC support built in.
As for Apple devices and the Safari browser, it's possible to register a U2F key with iOS 14 and the latest version of Safari (starting from v.13.3).
How to use U2F
To get started, you’ll need just a few things:
- A U2F security key. You can use any U2F key for 2FA, such as a YubiKey authentication token. NB: If you want to use it with an Android device, make sure to purchase a security key with NFC.
- Google Chrome, Mozilla Firefox, or Edge browser. NB: If you want to use Safari, make sure you have the latest version installed. It's also preferable to have an iOS version starting from 14 for iPhones.
Other possible options include setting up U2F 2FA with a screen lock (PIN code, Face ID, Touch ID, or some other type of biometric authentication). Generally, these options depend on the OS and the browser, so make sure you’re using an up-to-date version. However, not all browsers fully support the feature; for example, it’s not possible to set up U2F 2FA with Touch ID in Firefox. Alternatively, you can save a passkey for your 2FA to a password manager that supports this feature.
To configure U2F, you should link your U2F key to your Namecheap account. It is possible to connect as many keys as you’d like and use any of them to verify your second step.
To start using the U2F 2FA method, go to the Profile >> Security >> Access >> Two-Factor Authentication page and click Enable:
Enter your Namecheap password and confirm the change by clicking Continue:
PLEASE NOTE: If you already have another 2FA method enabled, the pop-up window with a request to confirm the authentication method change will appear:
On the next page, you will receive a set of backup codes that can help you recover access to your Namecheap account if you lose your device(s) or cannot use them for some reason. You need to either print or copy the backup codes somewhere. Once you have done this, click Next:
A few things to keep in mind:
- If you change the 2FA method from TOTP to U2F, the same backup codes that were created for the TOTP 2FA method will be kept for U2F as well. You can regenerate them during U2F method setup if you wish.
- The Backup Codes are activated only if the U2F setup process is fully completed.
- After one of the backup codes is used to sign in, it becomes inactive.
- You can generate a new set of backup codes whenever you want. After creating a new set, the old set will automatically become inactive.
- We recommend that you store your backup codes in a safe place, e.g. in a password manager.
On the next page, enter a name for your U2F key and click Register:
If you have a physical device, insert your U2F security key into your computer’s USB port within 30 seconds and press the button on it when prompted:
For other types of authentication (e.g. biometrics), follow the instructions on your screen.
If something goes wrong or you do not provide the key within 30 seconds, you will receive an error message. If this happens, try the process again:
Once the device is successfully registered, the corresponding pop-up window will appear:
The next time you log into your Namecheap account, you’ll be prompted to provide your security key.
U2F Management
Adding a new device
If you would like to link several U2F keys to your Namecheap account, click Add device in the Device Authentication (U2F) section:
The process is the same as for the first device: you will need to enter your Namecheap password first and the name of the key after that:
Finish the new device registration by clicking Register and providing your authentication key. In case of successful registration, the new device will appear above any previously added ones:
Backup Codes
In the Backup Codes section, you can check your available and used backup codes by clicking Show Backup Codes (you will need to confirm this action by entering the password associated with your Namecheap account):
If your backup codes have been lost or stolen, or you have run out of them, you can generate a new set on your settings page: Profile >> Security >> Access >> Two-Factor Authentication. In the Backup Codes section, click on the drop-down and choose Regenerate Backup Codes:
When the following window appears, confirm your action by clicking Regenerate:
After your Namecheap password is confirmed, you will receive a new set of backup codes that will invalidate the previous ones. Make sure to save your new backup codes in a safe place or print them out.
Log in with U2F
On the login page, enter your Namecheap username and password (your normal identity source login credentials). After your username and password are verified, you will be prompted to provide your security key. If you have registered a physical (hardware) key, insert it into your computer’s USB port to authorize the login:
If you have another type of key registered (PIN code, Face ID, Touch ID, biometrics, etc.), follow the instructions on the screen.
If you do not have access to the U2F key or it does not work for some reason, you can click Enter a Backup Code to log in using one of your backup codes:
Previously used backup codes will then be grayed out in your Namecheap account when you view the Show Backup Codes section.
If a device is successfully verified, you will get a corresponding message and then be redirected to the Namecheap Dashboard:
If you have any questions, feel free to contact our 24/7 Customer Support Team.