Documentation Center

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Support Portal
  • Home
  • Administration
  • Security & Compliance

Hardware Security Keys

Contact Us

If you have questions or want help, please Submit a Request.

Updated at Nov 25, 2024
By Kali Patrick

Table of Contents

About Syncro & Hardware Security Keys Add a Hardware Security Key Remove a Hardware Security Key Troubleshooting

Related Docs

  • Configure Multi-Factor Authentication (MFA)
  • Use Single Sign-On with Syncro

A Hardware Security Key is a physical device used as a second authentication factor to enhance security. It generates a unique code for each login attempt, which is required in addition to the user’s password or biometric data. 

Security Keys are commonly used in two-factor authentication (2FA) or Multi-Factor Authentication (MFA) protocols, which require users to provide at least two forms of authentication to access a system or device.

About Syncro & Hardware Security Keys

IMPORTANT: 

  • Adding hardware security keys will not completely stop a bad actor from accessing your Syncro account, but doing so is likely to slow them down and require them to find other ways to gain access.
  • If at any point you change your subdomain, all your security keys are invalidated and you can't use them.  You'll need to remove and re-add them under the new subdomain.

You must first enable MFA to add a hardware security key. 

Syncro currently supports the following hardware security keys:

  • Any FIDO U2F key is supported (YubiKey, Google Titan Keys)
  • Any hardware + OS that supports WebAuthN/Platform U2F (Windows Hello, FaceID, TouchID)

You can add as many keys as you want; Syncro recommends registering more than one hardware security key so you have backup in case one is lost. You can still use regular Multi-Factor Authentication (MFA) if you enable hardware security keys.

Users cannot share a key on the same Syncro account. However, you can use a key more than once if it's for a different Syncro account. On different apps (like Okta or GitHub), you can use the same key for multiple platforms.

Add a Hardware Security Key

To add a hardware security key, follow these steps:

  1. Log into your Syncro account.
  2. Navigate to your Syncro User Profile and select Profile/Password.
  3. In the Multi-Factor Authentication section at the bottom of the page, click Hardware Security Keys:  
     
    The Your Security Keys page displays.
  4. Click Register Security Key.
  5. Enter a nickname for the key that you'll be plugging to help you identify it. Click Register. 
    Notes: 
  • Nicknames for security keys must be unique.
  • If your hardware security key is an USB key, insert and tap if necessary.
  1. Your browser continues the rest of the setup. Your browser will give you options for both hardware keys (YubiKeys, Titan Keys) as well as platform keys (Windows Hello, TouchID, FaceID). Syncro displays a success message and your hardware security key appears in the Security Keys table with the date registered:

Syncro also sends an email notifying you of the addition of the hardware security key: 

When a hardware key is active, Syncro prompts users to authenticate with it (e.g., with a thumb press) after entering their email and password:

 

Remove a Hardware Security Key

  1. Login to your Syncro account.
  2. Navigate to your Syncro User Profile and select Profile/Password.
  3. In the Multi-Factor Authentication section at the bottom of the page, click Hardware Security Keys.
  4. Click the Delete (trash can icon) for the security key you want to remove.
  5. Click Delete to confirm. Syncro displays a success message and your hardware security key is removed from the Security Keys table. Syncro also sends an email notifying you of the removal of the hardware security key.

Troubleshooting

First, if you've changed your subdomain all your hardware security keys are invalidated and you can't use them. If at any point you change your subdomain, all your security keys are invalidated and you can't use them.  You'll need to remove and re-add them under the new subdomain.

Second, hardware security keys are an additional layer, not a replacement, for Multi-Factor Authentication (MFA). Therefore Admins cannot remove hardware security keys because they are managed by individual users. 

However, if a user is set up with a hardware security key but does not have the key on hand, they can click the “Use Authenticator App” link to revert back to authenticating with an MFA code.

If a user can't authenticate with MFA, then it will be necessary to begin MFA recovery:

Admins can also can reset MFA in the even that an MFA lockout occurs. See “If a User is Locked Out” for details.

Was this article helpful?

Yes
No
Give feedback about this article

The integrated platform for running a profitable MSP business

Syncro All-in-one MSP Software Facebook Syncro All-in-one MSP Software Twitter Syncro All-in-one MSP Software LinkedIn Syncro All-in-one MSP Software YouTube Syncro All-in-one MSP Software Reddit
  • Compliance
  • Privacy Policy
  • Website Terms
  • Service Terms
Knowledge Base Software powered by Helpjuice

© 2017-2024 Servably, Inc. All rights reserved.

Expand