April 8th, 2015
Note: we now recommend a different Android app to generate one-time passwords. See the updated instructions in this blog post.
Passwords have been quite unpopular for a while. Every few weeks major news sites publish some variation on the “password is dead” topic. In order to improve login security, many of the leading online service providers have introduced “two factor authentication” procedures in which your password (“something you know”: that’s the first authentication factor) is complemented with a second factor which is “something you have”. If this “something” has a tamper-resistant chip running code securely, anyone wanting to access your information will have a much tougher task ahead. As you might have guessed, one such “thing” is the Fidesmo Card. The way of proving that you actually have it is by making it generate a “one-time password” (OTP) which is also generated by the server based on the same seed. If both OTPs match, you are welcome in.
If you are a public personality or simply security conscious, you should consider keeping your security on a device other than the one you are trying to log in from, and on one that is secure and tamper resistant: that’s why using a contactless smart card is such a good idea.
This article explains, step-by-step, how you can use a Fidesmo Card to set up two factor authentication for one of the most popular online services: Google.
Configure Two-step verification in your Gmail account, if you haven’t done it yet. You will have to initiate the procedure using a mobile phone. Instructions are here: https://www.google.com/landing/2step/
Once all is done, go to your account settings at https://myaccount.google.com/ and click on “2-step verification”.
This is what it looks like for me:
Click on the “Switch to app” button, and select “Android” as your phone type in the following dialog box. Something like this will pop up:
Instead of installing Google Authenticator (as the instructions on the popup say), open the FreeOTP app on your phone and follow this sequence of steps:
Let’s imagine you now want to log into your Google account using a different computer. Google will ask you for two-factor authentication: your password, and the OTP using the Fidesmo Card:
Get hold of your phone and open the FreeOTP app. Since we stored the token on the card and not on the phone, the same initial screen as before is shown: no tokens on this device. Tap the Fidesmo Card and the list of installed tokens appears:
While tapping the card with your phone (easy if you just hold both with the same hand), press the big blue cube icon on the left. The phone will use the token on your Fidesmo Card to generate the one-time password, and display it to you:
So you just need to type it into the 2-step verification box above, and you are done!
That’s all there is to it. Your Google account is now 2FA (two factor authentication) secured no matter which device you want to log in from, be it a computer or a mobile device. To complete your security, be sure to keep the backup passwords in a secure and remote place. If you want to add this extra layer of security to other parts of your online life, you can do so for most of the services that have a “Software Implementation” on this extensive list of services that support 2FA login. If you have any trouble following this guide, or questions and tips regarding security online or our services, do not hesitate to tweet @ us!