Set Up Security Key 2FA

Beginning in May, 2023 we will be requiring two-factor authentication for all accounts. Read more on our blog.

Security keys are more secure than the default email method for two-factor authentication (2FA).

MaxMind allows for the use of any security key that meets the FIDO2 standard. Please note that some security keys will work across multiple devices (for example, a physical key like a Yubikey), while other security keys will be device-specific (for example, the biometric input on a MacBook or an Android phone).

If you enable security key 2FA, email 2FA will be disabled for your user. Learn more about email 2FA, enabled by default for all MaxMind users.

In order to use security key 2FA, you will have to set up a recovery method first.

Learn how to:

Manage 2FA methods

To manage your two-factor authentication, click on ‘Sign-in Security’ in the Account menu of your account portal [direct link, login required].

sign in security.png

Scroll to the Two-Factor Authentication (2FA) Method section to create a recovery method, or register new keys.

Set up a recovery method

Before you register your first key, you must set up an account recovery method in case you lose access to your security key. The system will allow you to register a security key without a recovery method, but until you have a recovery method in place your user will default to email 2FA. Learn more about email 2FA.

MaxMind uses one-time access codes for account recovery. You can generate one-time access codes by clicking ‘Generate recovery codes’ under ‘Set up recovery methods’. The codes will be displayed to you in your browser, and they will only be displayed once. You should copy them and store them in a secure location. If you navigate away from the page without storing your one-time access codes, you should generate new codes. If you lose access to both your security key and your one-time access codes, you will have to contact our support team to regain access to your account.

Register a new security key

After you have set up a recovery method, you should register your security key or keys.

Screen_Shot_2021-11-17_at_2.02.48_PM.png

Click on 'Register new key'.

Screen_Shot_2021-11-17_at_2.03.50_PM.png

Give your security key a name that will be easy to remember, and then click ‘Next’. You will now be prompted to register your key through your browser.

Users may register up to 5 security keys.

Use an Android device or iPhone as a security key

Please note that when setting up MaxMind Two-Factor Authentication using a method that is not a physical security key, the process may look different or involve slightly different steps depending on your devices or browser. For example, if the email account associated with your MaxMind username is hosted by Google, you can take advantage of Google’s other 2-Step Verification methods and use them for your MaxMind user account’s Two Factor Authentication. The below guide is provided for convenience, and to get you started. These instructions assume you are using Google Chrome. For instructions using other web browsers and devices, please consult the documentation for those browsers and devices online.

MaxMind allows you to register security keys that work with the FIDO2 standard. Physical security keys, like Yubikeys, are one of the most secure kinds of keys, however there are more common keys available as well, like Android phones, and iPhones.

Requirements:

  • You are logging into your MaxMind account using the Google Chrome browser.
  • Your MaxMind email/username is hosted by Google.
  • You have enabled 2-Step verification on your Google account. See Google’s documentation for instructions.
  • You have an Android device running Android version 7.0 or higher or an iPhone running iOS version 10 or higher.

Follow the instructions below to register your device:

  1. Follow the instructions above to set up a recovery method and register a new security key on your MaxMind account.
  2. When the pop-up window appears, click “Try another way.”
  3. If your device already appears in the list of registered devices, select it. Otherwise, click “Use a different phone or tablet.”
  4. If you selected “Use a different phone or tablet,” scan the QR code and follow the instructions.

This page was last updated on .

Was this article helpful?