U2F is widely regarded as the best way to secure your important accounts since it relies on access to a physical key before the account will be unlocked. But what happens if you lose that key?
What is Universal Two-Factor (U2F)?
First off, we should take a closer look at what U2F is. While we have a much more in-depth explanation of what U2F is, we’ll cover the quick and dirty version here.
In a nutshell, U2F is the standard for physical two-factor authentication tokens. Instead of using something like Authy, Google Authenticator, or SMS to receive a 2FA code, U2F uses a physical key to protect your accounts.
These keys can be USB, Bluetooth, NFC, or any combination of the three. A good example of one key that uses all three is Google’s Titan Key—or it will at some point, anyway (currently the NFC aspect of the Titan Key is disabled).
You can take a look at our guide on setting up and using the Titan Keys for more information on how these U2F keys work.
Cool, So What is Stored on a U2F Key?
The best thing about U2F is that nothing is physically stored on the key. No personal or account data is saved locally, which is precisely why you can use the same key for multiple accounts.
That means if you misplace a U2F key (or it gets stolen) it doesn’t matter where it ends up—no one will be able to pull private information from the key to connect it your account, because that information is nowhere to be found. There is nothing to tie that key to you.
So, replacing a lost key might cost a bit of money, but losing the key has no security implications. It’s just one more reason why U2F is the best form of protection for your important accounts.
That’s also the reason why the Google Titan Key bundle comes with a pair of keys: one to keep with you and one to keep in your desk drawer. You add both keys to your account, so you have a backup key if something happens to the primary one. Smart.
What Should I Do if I Lose a Key?
If you happen to lose your U2F key, the first (and really, only) thing you’ll need to do is remove that form of authentication from your accounts. You’ll need to jump onto a device that is already logged in to all of your accounts and remove that particular key as a form of authentication.
So, for example, if you need to remove a key from your Google account, head into My Account > Signing Into Google > 2 Step Verification. From there, click the little pencil icon next to the device name and remove it. Easy peasy.
Just do that for all the accounts where you’ve added your lost U2F key—make sure to do it before you need access to the account from a new device, lest you get locked out of that account.
That’s another reason it’s always good to have multiple forms of 2FA enabled on all accounts that support it, whether that be with backup codes or making sure all your account info is up to date.