Did you know you can secure your forum account using two-factor U2F security keys, OTP Authenticator codes, and also passwordless Passkeys?
Step 1
Go to your profile. Click your avatar icon and then the profile icon;
Step 2
Click preferences
Step 3
Go to the security section
Step 4
Click Add Passkey
Then just follow the prompts!
Security implications
First, always check how your account security is configured. The weakest link sets the overall security level for your account access. On this forum, adding a passkey does not disable simple password login. If your password is weak, your account is still vulnerable. To secure your account properly, in addition to adding a passkey, you should enable one or more two-factor options like OTP Authenticator and / or a U2F security key.
Fun fact! The FIDO VivoKey Apex applet supports both FIDO2 resident keys (passkeys) as well as FIDO1 U2F (universal two-factor) fallback. Because of this, you can register the same Apex as both a Passkey authenticator and as a separate two-factor U2F security key! Of course, if you do this you will want to also add alternative backup methods of access, just in case you lose access to your Apex for some reason (yikes!)
U2F vs Passkey
So what’s the difference between U2F and Passkeys?
-
FIDO U2F (old school): An add-on security key for 2FA, i.e. second factor only. You still type a password, then tap a hardware key. It speaks CTAP1/U2F (USB/NFC/BLE), binds the credential to the site’s origin, and returns a challenge/response. No user verification on the key, no discoverable creds, no passwordless flow.
-
FIDO2 Passkeys (modern): Passwordless-capable. Combines WebAuthn + CTAP2 so the authenticator (hardware key or built-in platform) can store discoverable credentials (“passkeys”) and do user verification (PIN/biometric). Works as passwordless, 2FA, or MFA. Can be device-bound (security key) or synced across devices (platform passkeys). Same core phishing-resistance, far better UX.