Security Keys (using the WebAuthn and FIDO2 standards) provide a very secure way to authenticate yourself with MyRapidi as a physical device like a Yubikey or fingerprint scanner is used during the authentication.
This avoids practically all possibilities of account takeover and is more secure than using passwords in combination with 2FA.
The standards used for these security keys (called WebAuthn and FIDO2) are relatively new, but are supported by industry leaders like Google and Microsoft and built into recent browser versions of Google Chrome, Microsoft Edge, Firefox (Windows 10+) and Safari among others.
Many industry leaders already support the use of security keys for their different online services. For example, you find Security Key support in Google Gmail, Microsoft Azure Active Directory, Salesforce.com among others.
A security key or device can be set up in two different ways with MyRapidi - either as Passwordless (no password is needed at login) or as a Second Factor (like the google 2FA but more secure as it is a hardware key).
Passwordless authentication combines the use of a physical device (which has some unique key and the ability to securely authenticate with a service) and then some personal knowledge like a PIN code or a personal feature like a fingerprint.
So as passwords can be stolen or guessed (and used remotely), it is much harder for someone to get hold of both the piece of hardware and the personal knowledge or feature (PIN code or fingerprint).
Even strong passwords used in combination with 2FA codes (like what we support with the Google Authenticator app) are less secure than using passwordless login. Hackers could steal your mobile phone number remotely and get access to your email account and then reset your password and get into your account. With passwordless login enabled (and Security keys enforced), they will always need the physical hardware key also.
So how do you enable Security Keys for your login?
You need the following items to use security keys with MyRapidi:
- A browser that supports FIDO2. In general, the latest versions of Google Chrome, Safari, Firefox, or Microsoft Edge, see here for more details.
- A hardware key (like YubiKey) or biometrical device like a built-in fingerprint reader in your laptop or mobile device.
Then to set up a Security Key with MyRapidi:
- Go to Settings > Security Keys
- MyRapidi will check if your browser is supported (If it is not supported, you will get a message about this).
- Then enter a Name for your key (for example: "Michael's Yubikey")
- Check the box "Passwordless"
- Click the button "Add Security Key"
- Follow the steps provided in the popup browser window
- If the key is successfully added, you will see it in the list of active Security Keys
We recommend that you add at least two different devices so that you have a device that you normally use and a backup device.
If you do not check the box "Passwordless" the key will instead be used as a secure Second Factor device. In this case, you still have to enter your password, and you then have a more secure second-factor authentication that MyRapidi will ask for after the password is entered.
Enforce the use of Security Key
If you are the account administrator for your company's MyRapidi account, you can enforce the use of a Security Key for one or more users in your MyRapidi account. You do that from the Manage Users page. We recommend that you enforce the use of a Security Key for all account administrators and also for users that have rights to edit the configuration (Transfers, Connections, etc.).