The European Commission incorporates new cybersecurity measures in the IT services it currently offers, among which is the platform for Online Dispute Resolution (ODR). In this way, all users will have to perform multifactor authentication in order to continue accessing these services. With this new system, the aim is to create a safer digital environment and strengthen the confidence of citizens. For this, users will be able to choose different options to carry out the authentication, so that they can do it through their conventional mobile phone by means of an SMS; through their smartphone, using the "EU Login" APP available on Google Play and the App store; or through a USB security key.
About multifactor authentication
Multi-factor authentication (MFA) is a security measure that adds a new layer of additional protection to passwords commonly used to access certain services or digital environments. This is an electronic authentication method where two or more factors (eg a password and a fingerprint) are required to access a web page or application.
About USB security keys
What is a USB security key?
The USB security key is a device used to perform two-step verification without the need to use a mobile phone or email. It uses the two-step verification standard U2F (Universal 2nd Factor) and works in a simple way. Just connect the USB security key to a computer and the key takes care of multi-factor authentication.
It is a device that is sold by different manufacturers with different brands. Yubikey, FIDO2, U2F (Universal Second Factor), are just some examples of the keys that we can find on the market.
How to do multi-factor authentication with a USB security key?
Acquire the key
Anyone can buy it in a technology or online stores. There are multiple purchase options. For example, for €29 you can get a Yubico USB security key through this link.
Recommendations to acquire it
Any FIDO2 compatible key is a good option. Does it use the WebAuthN authentication protocol? So, you have a protocol considered very secure. It must also be taken into account that some models integrate fingerprint readers to add more security to the process. In these cases, an additional element of complexity may also be added, since, for example, to be able to access Windows it would be necessary to also use the key. Before buying it, you should check the type of USB port (USB-A or USB-C) used by the computer where it will be used in order to make sure that the key and the equipment are compatible. Likewise, it is recommended not to use the same device to identify yourself and access all online services that require double authentication factor.
Select the authentication method on the EU Login web page
In order to use a USB security key as a multifactor authentication method in the European Commission's online services, the user must have -previously- an account on the EU Login platform. Once registered, you will need to follow these simple steps:
- Access, from a computer, to your EU Login online account and identify yourself with your user passwords.
- Select “Manage my Security Keys and Trusted Platforms”.
- Insert the USB security key.
- Select “Add a security key” and identify it with a name.
>> Tutorial EU Login (Pages 5, 26 and 27).
Once added, to perform multi-factor authentication, the key is selected as the form of authentication, then it should be inserted into the USB port and click the corresponding button. It should be noted that users must safeguard this key properly to avoid misuse by third parties.
>> To explain the process, CEC-Germany has published a video tutorial.
About the ODR platform
The ODR Platform (Online Dispute Resolution) is an online tool developed by the European Commission for the resolution of online disputes that aims to help consumers and traders to resolve conflicts related to purchases of products and services contracted online. This platform can be used by all citizens residing in the European Union, Norway, Iceland or Liechtenstein to try to find the best possible solution to their consumption problems, to negotiate a solution directly with the company or to agree that a dispute resolution handles your case. It is a platform with no links to any Company, and can be used in all official EU languages, as well as Icelandic and Norwegian.