A Hardware Security Key is a physical device used as a second authentication factor to enhance security. It generates a unique code for each login attempt, which is required in addition to the user’s password or biometric data. 

Security Keys are commonly used in two-factor authentication (2FA) or Multi-Factor Authentication (MFA) protocols, which require users to provide at least two forms of authentication to access a system or device.

About Syncro & Hardware Security Keys

IMPORTANT: Adding hardware security keys will not completely stop a bad actor from accessing your Syncro account, but doing so is likely to slow them down and require them to find other ways to gain access.

You must first enable MFA to add a hardware security key. 

Syncro currently supports the following hardware security keys:

• Any FIDO U2F key is supported (YubiKey, Google Titan Keys)
• Any hardware + OS that supports WebAuthN/Platform U2F (Windows Hello, FaceID, TouchID)

You can add as many keys as you want; Syncro recommends registering more than one hardware security key so you have backup in case one is lost. You can still use regular Multi-Factor Authentication (MFA) if you enable hardware security keys.

Users cannot share a key on the same Syncro account. However, you can use a key more than once if it's for a different Syncro account. On different apps (like Okta or GitHub), you can use the same key for multiple platforms.

Add a Hardware Security Key

To add a hardware security key, follow these steps:

1. Log into your Syncro account.
2. Navigate to your Syncro User Profile and select Profile/Password.
3. In the Multi-Factor Authentication section at the bottom of the page, click Hardware Security Keys:  
    
   The Your Security Keys page displays.
4. Click Register Security Key.
5. Enter a nickname for the key that you'll be plugging to help you identify it. Click Register. 
   Notes: 

• Nicknames for security keys must be unique.
• If your hardware security key is an USB key, insert and tap if necessary.

6. Your browser continues the rest of the setup. Your browser will give you options for both hardware keys (YubiKeys, Titan Keys) as well as platform keys (Windows Hello, TouchID, FaceID). Syncro displays a success message and your hardware security key appears in the Security Keys table with the date registered:

Syncro also sends an email notifying you of the addition of the hardware security key: 

When a hardware key is active, Syncro prompts users to authenticate with it (e.g., with a thumb press) after entering their email and password:

Remove a Hardware Security Key

1. Login to your Syncro account.
2. Navigate to your Syncro User Profile and select Profile/Password.
3. In the Multi-Factor Authentication section at the bottom of the page, click Hardware Security Keys.
4. Click the Delete (trash can icon) for the security key you want to remove.
5. Click Delete to confirm. Syncro displays a success message and your hardware security key is removed from the Security Keys table. Syncro also sends an email notifying you of the removal of the hardware security key.

Troubleshooting

Hardware keys are an additional layer, not a replacement, for Multi-Factor Authentication (MFA). Admins cannot remove hardware security keys because they are managed by individual users. 

However, if a user is set up with a hardware security key but does not have the key on hand, they can click the “Use Authenticator App” link to revert back to authenticating with an MFA code.

If a user can't authenticate with MFA, then it will be necessary to begin MFA recovery:

Admins can also can reset MFA in the even that an MFA lockout occurs. See “If a User is Locked Out” for details.