Blockchain security company Ledger unveiled this week a new two-factor authentication feature linked to its hardware devices that allow them to be used to more securely access everyday applications such as Gmail, Facebook, and Dropbox.
Ledger developed the feature with the help of the FIDO Alliance, an authentication program that seeks to replace passwords with more secure login methods. Known as the FIDO Universal 2nd Factor (U2F) app, Ledger’s authentication system requires a Ledger device—either a Nano S or Nano X hardware wallet—to verify and log into an account. The app is used for crypto accounts but can also be applied to applications that are more familiar to average Internet users.
CEO of Ledger Pascal Gauthier explained to Decrypt that while many accounts invoke their own two-factor authentication protocols, several rely on email or text (SMS) verifications to complete one’s access, which are not the most secure options.
“Your phone number or your email is not something you really own,” he said. “They belong to service providers, so the control of the account always remains with a company.”
Here’s how it works: To get started with the app, users must first download Ledger Live—an online system built for managing cryptocurrencies—and install it onto their devices by selecting the FIDO U2F app in the “manager” section.
After installation, users then select the compatible services—which include Google, Dashlane, GitHub and others—that they’d like to attach to their devices and enhance with two-factor authentication. From there, 2FA is activated and a user will need to log into the attached account using both their password and their Ledger device, thereby adding an extra layer of security.
“When a user sets up their device, a unique master private key is created by Ledger’s secure hardware and software,” Gauthier explained. “As all user private keys and public addresses arise from the master private key, you can manage many accounts or assets with a single device.”
Ledger has developed a reputation for security over the years. In 2016, the company created the Blockchain Open Ledger Operating System (BOLOS) which—according to Gauthier—combines the “best features” of smartcard chip technology witnessed in both passport and credit card systems. BOLOS is designed to protect against malicious attacks by isolating applications from each other on a device.
Ledger also stress tests its devices, along with those of its partners and competitors, to remain ahead of cyberthieves and uncover security vulnerabilities. The company has passed a Common Criteria security evaluation—an international standard for banking cards and state requirements—and obtained an EAL5+ certificate last March.
In mid-December, Ledger announced a new staking program that would allow customers to earn rewards on their crypto holdings. Among the first cryptocurrencies added to the program was Tezos (XTZ), the world’s tenth-largest digital currency by market cap.