Keeper now lets you use security keys exclusively for 2FA

YubiKey security key on keyboard
(Image credit: Formatoriginal / Shutterstock.com)

Keeper has announced it will now give its consumer and enterprise customers the chance to use security keys as their one and only method for two-factor authentication (2FA).

Previously, the password manager required that users have a backup method for authenticating a login if they chose to use security keys, but now that is no longer the case.

The company believes that using physical security keys "enhances overall security by providing a robust physical second factor, mitigating remote attacks and reducing dependency on mobile devices."

Safer 2FA

Those with Keeper administrator accounts can also enforce the use of security keys as the sole authentication method for all users at their organization, and even require a FIDO2 PIN code to be used with the security key too.

Keeper notes that typical methods of 2FA, such as SMS texts and Time-based One-Time Passwords (TOTP) are more vulnerable than ever, as cybercriminals launch increasingly sophisticated attacks to undermine these methods, such as social engineering and SIM swapping. 

The National Institute of Standards and Technology (NIST) has even removed the use of SMS texts for 2FA from its list of recommended authentication methods for this reason.

Keeper Security CTO Craig Lurey commented that "cybercriminals are creative and relentless in their mission to break historically secure solutions,” which is why "many organizations are transitioning to hardware-based 2FA devices like YubiKey."

According to Lurey, these offer "a simple and user-friendly, but highly secure authentication method."

Keeper users can have multiple security keys added to their account, so they can have backup keys, or have different keys in different locations or to use with different devices.

By logging into the web or desktop app for Keeper, users can remove other 2FA methods from their accounts if they only want to use security keys. Once this is done, users can then use security keys solely for 2FA with their iOS and Android devices as well.

MORE FROM TECHRADAR PRO

Lewis Maddison
Staff Writer

Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers. 


His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.


He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.