HyperFIDO Security Key on Linux


The HyperFIDO Adventure Begins

I have been on a security kick lately. I have been turning on 2-step authentication on everything which has really irritated my wife. I’m planning a post with a list of the tools I use to keep my data secure but for now I’m going to talk about the HyperFIDO Security Key from Hypersecu. I was messing around with the 2-step authentication on my gmail account and saw that there was an option to use a security key. That piqued my curiosity so I headed over to Amazon and found the HyperFIDO for $10. What the heck right? I received the HyperFIDO today and got to setting it up on my personal laptop.

What does a security key do?

A security key is a physical means of 2-step authentication. If you don’t know currently use 2-step authentication stop reading this and go turn it on right now. 2-step basically eliminates attackers ability to gain access to your account through just your password. You can make your password 123456 (don’t do that) and they can enter that at the Facebook prompt but they are not getting access to your account. Instead Facebook will ask for a code from a code generator (I suggest Authy) that the attacker cannot enter without having access to your phone. The HyperFIDO acts as that code generator, for Gmail at least.

It is suppose to work on Linux

I use Linux almost exclusively these days. My personal laptop is running Manjaro Linux with an Ubuntu Linux virtual machine running on that inside of Virtualbox. My work laptop is a Windows 10 box but I’m running Manjaro Linux on a virtual machine on that computer that I have in full-screen mode so I really don’t interact with Windows 10. If work would let me I’d be running Manjaro as the base OS. My reasons for running Linux exclusively are a subject for another post. Needless to say I made sure that this would work on Linux. If you are a Linux enthusiasts you know that it is not always as easy as just plugging it in. This was one of those moments.

Something went wrong

I followed the instructions that Google gave me which consisted of clicking a button and then plugging in the HyperFIDO. When I plugged it in the first time the light came on but nothing happened and eventually the box that had popped up timed out. I noticed then that the HyperFIDO is a bit touchy on my laptop. I had to wiggle it to get it to light up. Once I cleared that up I went searching for a solution. The first stop was the Hypersecu website and there was a download for Linux that included a couple of udev rules. I did as it suggested and moved the udev rules into /etc/udev/rules.d. I rebooted and gave it another try. This time the window that popped up would close quickly and a box would pop up that gave the very helpful message of “Something went wrong”. Back to the drawing board.

Thank you Yubico!

This is a good time to mention that as much as I want to use DuckDuckGo for search (they don’t track you) they just don’t hold a candle to Google. I had been doing my searches on DuckDuckGo and decided to try Google. That is when I ran across a forum post from Yubico, the makers of a competing security key. Somebody in the forum mentioned a file on GitHub that Yubico posted that included more udev rules for several security key makers. You can download it here. I was elated to find that HyperFIDO was among the key makers with listings in the file. I copied the file and put it into /etc/udev/rules.d and discovered that I didn’t have to reboot to get it working. I ran the command sudo udevadm control –reload-rules and I was good to go. Almost. I failed to notice that the entire file from Yubico was commented out. I had to uncomment the first line, the line with the rule for the HyperFIDO and the last line. I ran the udevadm command again and it worked!