How To Make A USB Security Key: Step by Step Guide
For those of us who value data security above all else, security keys are a godsend. They provide an easy and quick solution to authentication issues and prevent phishing. USB security keys have existed since the early 2000s, but they have started gaining popularity only lately, with their application being extended to nearly every industry.
For a detailed list of products and services that are compatible with USB security keys, check this list.
Here I will explain how to make a USB security key step by step on Windows, Mac OS and Linux.
Create a DIY USB Security Key
Companies such as Yubico, FIDO, and Google offer cheap USB security keys – such as the USB/NFC Yubico Security Keys, Thetis FIDO2 Security Key, and Titan Security Key – but they still have to be purchased.
While they’re a better option for accounts requiring a high level of security, everyday users can create their own security keys. This can be done by recycling USB flash drives and setting up free or low-cost software that is compatible with the concerned applications.
The first step to be taken for systems running on either Windows or Mac is to download the desired security software. Countless companies are providing this service, but we will be providing the guide for USB Raptor (Windows) and Rohos Logon Key (Mac).
Other free or paid service providers can also be opted for, with the set-up steps being similar for most solutions.
Unzip the newly downloaded USB Raptor folder and open it.
Run the USB Raptor application.
Go through the terms and conditions, and verify you’ve read them by clicking on ‘I Agree’ after clicking on the checkbox next to it.
Plug a USB flash drive into your computer.
In the ‘Encryption’ field, type out a strong but memorable password.
Click on the ‘Select USB Drive’ drop-down box in the ‘Unlock File Creation’ section and choose the desired USB flash drive.
Click on the ‘Create k3y File’ button.
Now, select the checkbox next to ‘Enable USB Raptor’ in the ‘USB Raptor Status’ section.
At this point, ejecting the USB flash drive would result in your computer getting locked, as USB Raptor will start working. However, this automatic protection won’t be provided each time unless the next, optional step is carried out.
To customize additional settings for USB Raptor – such as enabling a backup password (in case your USB flash drive gets lost), configuring startup settings, assigning a locking delay period upon removal of the USB flash drive, or more – click on the checkbox next to ‘Advanced Configuration’ on the top right corner of the application window.
Now, you can go through the settings and decide which functions you wish to configure for your USB security key. We recommend clicking the following checkboxes:
Run USB Raptor at Windows startup
Start in the system tray
USB Raptor always starts armed
These settings make USB Raptor work automatically. Further customization can be done by selecting the ‘Enable USB Raptor’, ‘Enable receiver’ and ‘Password protect USB Raptor’s interface’ checkboxes, amongst others.
Click ‘Minimize to tray’. Your Windows PC is now USB Raptor-protected.
To disable USB Raptor, click the checkbox labeled ‘Enable USB Raptor’ to uncheck it.
While enabled, USB Raptor will protect your computer against unauthorized logins by keeping the computer locked as long as the USB security key isn’t plugged in.
This process can be recreated for other free or paid security services as well: KeyLock is free, while Rohos Logon Key (which is more secure than USB Raptor, as explained later) and Predator are trustworthy, paid options.
Open the ‘RohosLogon Installer’ file and click on the ‘Continue’ option.
Now, click on ‘Continue’ > ‘Agree’ > ‘Install for all users of this computer’ > ‘Continue’ > ‘Install’ one-by-one.
Your PC may ask you to enter your username and password after this step. If prompted, enter the details and click on ‘Install software’.
After successful installation, click ‘Close’.
Now, plug your USB flash drive into your computer.
Open ‘Rohos Logon Key’ and choose the ‘USB drive’ option, to set a USB flash drive as your chosen authentication device.
Enter a name, password (if desired), and authentication device from the window. Now click ‘OK’.
Select the ‘Lock the desktop’ option from the drop-down box labeled ‘USB key removal action’. Your Mac is now Rohos-protected.
How To Make A USB Security Key on Linux
Linux is not just a personal favorite for tech-savvy individuals; it is also widely used on the tech side of the corporate world. Unlike Windows and Mac systems, Linux-based systems have a slightly complicated method for setting up USB flash drive-based user authentication.
Pluggable Authentication Modules (PAM) make it possible to use USB security keys on Linux systems as a primary or secondary authentication method.
While the following steps are Ubuntu-specific, equivalent commands can be used for other distributions to set up USB security keys for Linux:
Install the required packages for PAM based USB authentication by entering the following command in your Linux terminal:
$ sudo apt-get install pamusb-tools libpam-usb
Now, plug in your USB flash drive and use the pamusb-conf command to configure the device, as follows:
$ sudo pamusb-conf --add-device <device name>
Please select the device you wish to add.
* Using "Verbatim STORE N GO (Verbatim_STORE_N_GO_07A10D0894492625-0:0)" (only option)
Which volume would you like to use for storing data ?
0) /dev/sdb2 (UUID: ****-****)
1) /dev/sdb1 (UUID: ****-****)
Name : <device name>
Vendor : Verbatim
Model : STORE N GO
Serial : Verbatim_STORE_N_GO_****************-0:0
UUID : ****-****
Save to /etc/pamusb.conf ?
After this step, the /etc/pamusb.conf configuration file automatically gets updated to define our USB device.
After configuring the device, a user must be configured. While multiple PAM devices can be set up with multiple users each, the following code demonstrates the setting up of one user for the above-configured device.
$ sudo pamusb-conf --add-user <user name>
Which device would you like to use for authentication ?
* Using "<device name>" (only option)
User : <user name>
Device : <device name>
Save to /etc/pamusb.conf ?
After this step, the /etc/pamusb.conf configuration file automatically gets updated to define our new user.
After setting up <device name> as the authentication mode for <user name>, the /etc/pam.d/common-auth file (/etc/pam.d/system-auth on Fedora or RedHat systems) must be edited to add pam_usb to the system authentication process, so that it includes the following:
auth sufficient pam_usb.so
auth required pam_unix.so nullok_secure
Now, <user name> can be authenticated using the configured device:
$ su <user name>
* pam_usb v0.4.2
* Authentication request for user "<user name>" (su)
* Device "<device name>" is connected (good).
* Performing one time pad verification…
* Regenerating new pads…
* Access granted.
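The "one time pad verification" and "Regenerating new pads" lines in this transcript are what separate pam_usb from a scheme that only looks for a fixed file on the drive. The following is an added sketch, not pam_usb's own code: it models the idea with directories standing in for the computer's pad store and the drive, and assumes the pad is replaced after every successful check.

```shell
#!/bin/sh
# Added sketch of pad rotation. HOST and DRIVE are directories standing in
# for the pad store on the computer and the one on the USB drive.
# Assumption: the pad is replaced after every successful check.
new_pad() { head -c 32 /dev/urandom | od -An -tx1 | tr -dc '0-9a-f'; }

enroll() {                 # enroll HOST DRIVE: write the same pad to both
    pad=$(new_pad)
    printf '%s' "$pad" > "$1/pad"
    printf '%s' "$pad" > "$2/pad"
}

authenticate() {           # authenticate HOST DRIVE: exit 0 = access granted
    [ -f "$1/pad" ] && [ -f "$2/pad" ] || return 1
    cmp -s "$1/pad" "$2/pad" || return 1     # pads differ: deny, rotate nothing
    enroll "$1" "$2"                         # match: issue fresh pads to both
}

# Constructed run: a copy of the drive made at enrollment goes stale as soon
# as the genuine drive is used once.
work=$(mktemp -d)
mkdir "$work/host" "$work/drive" "$work/copy"
enroll "$work/host" "$work/drive"
cp "$work/drive/pad" "$work/copy/pad"
authenticate "$work/host" "$work/drive" && echo "genuine drive: access granted"
authenticate "$work/host" "$work/copy"  || echo "stale copy: access denied"
rm -rf "$work"
```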
If the user doesn’t get recognized, change “sufficient” to “required” on the pam_usb.so line of that file. This would require the configuration of a password as well.
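With "sufficient", the drive alone satisfies the auth stack and the password becomes a fallback; only "required" makes the drive a second factor on top of the password. This added script (not part of the original guide or of pam_usb) reports which of the two a PAM file configures and whether pam_unix.so still carries a nullok option; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report how pam_usb is wired into a PAM auth stack.
# pam_usb_mode FILE prints:
#   either-factor  pam_usb is "sufficient": drive OR password logs in
#   both-factors   pam_usb is "required"/"requisite": drive AND the rest
#   absent         no active pam_usb line in the auth stack
#   unknown        some other control value (e.g. a [bracketed] one)
pam_usb_mode() {
    awk '
        /^[ \t]*#/    { next }                  # ignore comments
        $1 != "auth"  { next }                  # only the auth stack matters
        {
            mod = ""
            for (i = 3; i <= NF; i++)           # module is the first *.so field
                if ($i ~ /\.so$/) { mod = $i; break }
            if (mod ~ /pam_usb\.so$/ && !seen) { seen = 1; ctl = $2 }
        }
        END {
            if (!seen)                                        print "absent"
            else if (ctl == "sufficient")                     print "either-factor"
            else if (ctl == "required" || ctl == "requisite") print "both-factors"
            else                                              print "unknown"
        }
    ' "${1:-/etc/pam.d/common-auth}"
}

# pam_unix_nullok FILE succeeds if pam_unix still accepts empty passwords.
pam_unix_nullok() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "auth" && /pam_unix\.so/ && /nullok/ { found = 1 }
        END { exit !found }
    ' "${1:-/etc/pam.d/common-auth}"
}

# Constructed sample: the two lines from the guide, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth sufficient pam_usb.so
auth required pam_unix.so nullok_secure
EOF
echo "mode: $(pam_usb_mode "$sample")"
pam_unix_nullok "$sample" && echo "pam_unix.so accepts empty passwords (nullok)"
rm -f "$sample"
```

Called without an argument, both functions read /etc/pam.d/common-auth, so they can be run right after editing that file.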
To lock the computer every time the USB flash drive is disconnected, edit the user’s entry in the /etc/pamusb.conf configuration file in the following manner, which makes pam_usb lock the screen upon USB disconnection:
<user id="<user name>">
<agent event="lock">gnome-screensaver-command -l</agent>
<agent event="unlock">gnome-screensaver-command -d</agent>
</user>
Congratulations, your USB flash drive has now been configured to act as a security key for your Ubuntu Linux system! For other distributions, look up equivalent commands and file names.
NOTE: “<user name>” and “<device name>” must be replaced by the authorized user’s name, and the USB flash drive’s name, respectively.
Investing in paid options is always a better idea as they provide additional layers of security, besides offering customer support. For example, both USB Raptor (free) and Rohos Logon Key (paid) can be used for Windows systems, but only the latter keeps out intruders even if they have the backup password, as long as the key isn’t installed. It also offers a free trial for skeptics.
But what exactly is ‘USB’, and why is it used as a security measure? Continue reading our thorough guide for answers to these questions.
Universal Serial Bus (USB) is a standard used to connect peripherals to computer systems using connectors and cables. USB flash drives are portable storage devices that make use of the USB interface to communicate with computer systems. They are widely used for both personal and professional purposes. In the corporate world, their application is mostly limited to storing the following:
Besides documents and media files, USB flash drives can also be used to carry applications that can run on computers, when connected. This provision is utilized for the working of USB security keys.
USB Security Keys: Working and Need
When a USB security key is plugged into a computer, it communicates with the system to let it know that an authorized user is attempting to access the concerned account(s). It works in collaboration with a USB security key application, which continuously scans your computer’s USB ports for a compatible device (the key) holding a specific encrypted file that contains the actual key. If it isn’t located, the computer stays locked until the USB security key is plugged in.
These devices use the Universal 2nd Factor (U2F) open standard managed by the Fast Identity Online (FIDO) Alliance to provide:
Complete security and privacy
The utilization of two-factor authentication protects against attacks such as man-in-the-middle, brute force, phishing, session hijacking, and spear phishing. Additionally, user identities are checked against unique “keys”, not personal information. Associated accounts check the authenticity of the user against these identities, due to which privacy is maintained at all times. For a higher level of authentication, government identities can be bound to these digital identities.
Cheap, quick, and easy solution
Low-cost (or cheap!) open-source backend architecture for these keys can be obtained from third parties, or configured independently. Once it has been set up, the authentication process can be carried out instantly via supported applications and browsers such as Google Chrome, Mozilla Firefox, or Opera.
FAQs on How To Make A USB Security Key
In short, USB security keys are a must-have for anyone who values their data’s privacy. Some related questions that you might have, have been answered below:
Why should I invest in USB security keys?
Well, you don’t have to invest unless you choose to buy a commercial product. You can simply create your own USB security key, following the above guide.
You should be doing so because two-factor authentication has been proven to be much more effective than single layer password protection, for data security. In an age where account takeovers and data leaks are constantly increasing, it is imperative to use additional security measures.
The safest way to make sure your accounts are inaccessible is by using physical USB security keys – which can’t be used by others unless they steal them.
What if I lose my key along with the backup authentication device?
If you lose your key, you can simply use your backup device – such as a cell phone – to reconfigure your security key. If you lose both of them, you can use any of the (saved) recovery codes that were provided by the authenticator app on your backup device.
I didn’t save my recovery codes. What now?
Saving your recovery codes is an important, non-negotiable step during the configuration of an authentication device. In case you forget to do this, the only way to gain access to your protected accounts is by talking to the service provider and verifying your identity satisfactorily. If you fail, it can be extremely hard to access your accounts.
Won’t creating multiple keys for each device be tiresome?
Of course, and that’s exactly why you don’t need to do that. USB security keys work like regular keys – the way you can attach a padlock to different doors and open it with the same key, you can access the associated accounts from any location or device with the same security key.
If you do prefer using separate keys for additional security, you can configure them likewise.
There are other convenient modes of two-factor authentication. Why should I opt for USB security keys, then?
Now that hacking toolkits are freely and easily available on the internet, anyone with the appropriate knowledge and resources can gain access to your accounts remotely. This includes accounts with 2FA protection if the protection method isn’t completely secure.
For example, SMS- or phone call-based 2FA security layers can be overcome by intercepting the message or call. Password-based layers can be broken using password cracking tools, and biometric passwords can become invalid (due to physical deformation of fingers or eyes) or compromised (in the event of a database breach).
While other modes of two-factor authentication exist, USB security keys are an optimal solution for users who feel discouraged from using 2FA due to the inconvenience associated with multiple authentication platforms. Besides simplicity, the open standard it uses makes it an attractive solution for organizations planning to implement it.