[Deribit] Using YubiKeys On Deribit – Deribit Insights
We are taking another step towards an even more secure environment for our users by introducing the strong YubiKey authenticator.
Setting up your YubiKey
Firstly, if you don’t yet have a YubiKey but are considering purchasing one to secure your Deribit account, make sure you get one that has the right connection for the devices you intend to use it with. Personally, I’ve gone with the YubiKey 5 NFC, because it is able to connect via both USB and NFC, so I can use it with my PC and phone with ease.
If it’s your first one, then once your security key arrives, you may wish to quickly head over to the Yubico website and watch the two-minute setup video. The web address is written on the packaging. This is purely informational, and isn’t necessary to get started on Deribit, so if you’re already familiar with security keys you can skip this step and head straight to the Deribit website.
Adding a new YubiKey on Deribit
To get your YubiKey set up for use on Deribit, while logged into the Deribit website, go to the top right menu.
Click ‘Security’ and this will take you to the security settings page.
Click ‘Add New Yubikey Security Key’ and then give your key a name.
You can choose any name, but bear in mind the naming may be useful if you set up multiple keys. For example, you may wish to set up a main key and a backup key, or give separate keys to different employees.
Do not insert your key into your USB port yet. There will be a prompt shortly to let you know when it is time to do so. Once you’ve named the key, click ‘Register security key’. Your operating system will prompt you to set up a security key and then to let the Deribit website use your security key.
Click OK to both of these.
You will then be prompted to insert your YubiKey.
Once you have inserted the YubiKey into the USB port, a pop-up will ask you to touch the button on your key. Touch the button and this will register the key for use in your Deribit account. If this is the first key you have added to your Deribit account, it will automatically be assigned to all actions, including:
- Account management
- Signing in
- Wallet management
Whichever key is assigned to account management is considered the master key. This key is needed to reset or add new keys. Users can log in to their account with a key that is assigned to ‘Signing In’, and wallet operations such as withdrawing or adding new withdrawal addresses require a key that is assigned to ‘Wallet Management’.
Once a key has been registered, 2FA status will change to ‘Enabled’ (if it wasn’t already), and a new ‘Management mode’ setting is enabled. By default this is set to basic, which is designed for accounts where only a single person has access. For trading teams of more than one person though, it’s possible to switch to advanced mode, which then allows multiple keys to be assigned to the same action. This way it’s possible for the account owner to give members of their team access to certain functions via separate keys, but the account owner will retain the sole ability to edit 2FA settings with the master key.
If you switch to advanced mode, instead of listing each of the assignments and having the option to assign keys to them, the table will instead show a list of the keys with the ability to select assignments for each key. This has very similar functionality but is ordered differently to make it easier to manage many keys at the same time.
Using your YubiKey to sign in to your account
As an example of how a YubiKey is used in practice to protect an account, let’s work through the process of signing in to a Deribit account. When you click ‘Log In’ you will be greeted with this form.
Enter your Deribit email address and password as normal. In addition to this, be sure to check the ‘Use Yubikey’ checkbox, and then click ‘Login’.
This will lead to a prompt for you to insert your key into your device.
At this point you should insert your key, which will generate a prompt for you to touch the button on the security key.
Touching the security key will authenticate your details and sign you into your Deribit account.
That’s it! It really is that quick and simple to use. The key just needs to be inserted into your device, and then pressed/touched to authenticate. This step means that to gain access to your account, someone needs both the login details (email and password) and physical access to the YubiKey. This makes your account much more secure, and almost impossible to hack.
All the usual security advice still applies, of course, so you should still be careful with your login details, and also with who has physical access to your YubiKey.
Visit Yubico to learn more about the product.