- To activate two-factor authentication (2FA for short), log into Hetzner Accounts.
- There, you will find the menu item Two-factor authentication under the item Settings. There, please click on Enable 2-FA.
- Enter your account password and confirm that if you lose your recovery key, you will only be able to receive a replacement recovery key via regular mail.
- You will then be redirected to an overview of your customer number and recovery key. Once you have noted it down and stored it safely, continue by clicking on SET UP AUTHENTICATION.
- Now, select the authentication method you want to set up, follow the instructions, and fill in the fields.
- Once you are done adding the authentication method, you will see an overview of the authentication methods you have created so far, their status, and a few more details.
The following screenshot explains this overview in more detail:
You can find a table of compatible YubiKeys and a step by step guide to configure it on Yubico´s webseite:
Please follow all steps closely. After you have completed the configuration you can test the OTP on Yubico´s demo website:
If the validation is successful you can use your YubiKey as 2FA in your Hetzner Account.
If the login with activated 2FA does not work, you have the red option DISABLE 2FA under the VERIFY button. If you enter your recovery key there, you can log into your account and you will deactivate the 2FA.
If you lose your recovery key, you will only be able to receive a replacement recovery key via postal mail. You can request a new recovery key by sending us an email to firstname.lastname@example.org . There please state your client ID and postal address.
Yes, you can add multiple of authentication methods. You can also have several authentication methods active at the same time, and you can then use any of the active methods for the login.
It could be that your YubiKey is not configured correctly. Please read the article above.