Computer Security Key For Two Factor Identification
Posted: 15-Nov-2022 | 7:07PM · 4 Replies · Permalink
I would like to use the free USB Raptor App at https://sourceforge.net/projects/usbraptor/ to convert a flash drive USB stick I have into a security key for two factor identification, instead of buying a USB security key. Is the USB Raptor app safe?
Re: Computer Security Key For Two Factor Identification
Posted: 19-Nov-2022 | 4:02PM · Permalink
Thank you to all who replied. After studying USB Computer Security Keys in general, and the Raptor app in particular, I came up with the following infromation I will now share for the good of the Norton Community:
1. The Raptor app does convert a USB Flash memory stick into a Security Key, BUT it is ONLY useful for your own computer log in, NOT for different web sites on the internet that require 2FA. Also, though the Raptor app is free, you need to pay them a small fee for access to an electronic "Master Key", which you will need if your USB Key is damaged or lost, as you will not be able to log in to your computer without it (NOTE: You can set the Raptor App to give the person logging in without the Key inserted up to 20 seconds - default setting is 15 seconds - to disable 2FA before the computer locks them out. You MUST check the "Advanced Configuration" BOX, which allows you to go to "Lock Behavior" and make sure the "delay lock" time in seconds BOX IS CHECKED and "allow user to disable lock" BOX IS CHECKED when setting up Raptor for your USB Key.).
2. Unlike the USB Flash memory stick, converted by the Raptor app to a 2FA Security Key for preventing anyone that does not have said Key from using your computer, Dedicated USB Security Keys (e.g. Yubico) are much more expensive because they have a chip in them with all the security protocols (i.e. FIDO certified to work with Google Chrome and any FIDO-compliant applications on Windows, Mac OS or Linux) that protect them from being hacked.
3. When a web site requires that you have 2FA, the only way to get around using a FIDO-compliant USB Security Key is to download Backup Codes from that web site, if they offer that as a 2FA alternative to a USB Security Key. Most of them do. This is considered less secure, but as long as nobody but you can get to those Backup Codes, it works fine (You use them up one by one, each time you log in. After you use the first ten codes, they issue you ten more, and so on.). This is where the Norton Password Manager Vault shines!
4. It is VERY IMPORTANT to make sure you store your Backup codes in a location that is BOTH safe AND one you can get to quickly. The Norton Password Manager VAULT is the perfect storage location for 2FA Backup Codes. Just add a "log in" that doesn't actually go anywhere (leave the link unfilled) and label it as a place you know you have your Backup Codes. Let Norton generate a password for it that corresponds to that label. In the "Notes" on that new "log in", list all your Backup Codes.
5. Now when you need a Backup Code, just open your Norton Password Manager VAULT and press "EDIT" on your Backup Codes label "log in" (DON'T press "log in". Remember you left the link unfilled). Get one Backup Code from the "NOTES" in the "log in" where you stored them. Copy it and enter it manually (or paste it, if that option is available) at the 2FA web site. Delete that code from your list as soon as you use it. Remember that EACH CODE can only be used ONCE. If you try to use the same Code twice, the 2FA software will not let you log in.
6. Though the normal use of the Norton Password Manager is to click on the label of the "log in" for a web site and log in with user ID and password, I do not recommend trying to do this with Backup Codes (i.e. creating a separate "log in" for each Backup Code, or changing the "log in" password to the next Backup Code), as this is cumbersome and can lead to errors. Just list the Backup Codes in your NOTES in the "log in" you created for that purpose. Copy each Backup Code you need and enter it manually (or paste it, if that option is available) at the 2FA web site. Delete that code from your list as soon as you use it. I also do not recommend storing your Backup Codes on your smart phone (Phones can be stolen AND hacked, usually in that order.).
7. finally, write all the codes out by hand and store them in a secure location in your home, just in case your computer OS crashes irretrievably (factory reset required, or worse yet, a new computer is required) and you need to log in to a 2FA web site from a friend's computer before you can get set up to speed with Norton on your new or factory reset computer. While it is true that your Norton Password Manager Vault is not "lost" if your computer crashes, it can take about a week to get back up to speed. That happened to me last July. It was tedious, to put it mildly.
8. I hope this helps someone out there with 2FA. I am happy that I have a new use for the Norotn Password Manager VAULT as a sort of Backup Codes SAFE, EASILY ACCESSED LOCATION. Thank you Norton 360!