I recently purchased a YubiKey 5 NFC USB-A security key to make logins more secure and easier across my online accounts. The below guide will show you how to set up secondary 2FA and register a YubiKey 5 NFC security key for Cloudflare account login.
Step 1. Login to your Cloudflare Account dashboard
Then go to your profile authentication section at https://dash.cloudflare.com/profile/authentication/management and Add a Security Key Authentication.
On a Windows 10 computer, you’ll be prompted to set a security PIN number which you need to use in conjunction with touch/tapping your YubiKey 5 NFC security key. The PIN is probably a safeguard against physical key compromise and acts as a third factor authentication mechanism.
Once PIN is set, you’d be prompted to tap/touch your YubiKey 5 NFC security key device to complete the process and the new security key will be listed.
Step 2. Cloudflare Account login with YubiKey 5 NFC security key
Now when you login into your Cloudflare Account with your YubiKey 5 NFC security key plugged into your computer’s USB port, you will be prompted to enter your security PIN you previously set and then to tap/touch the YubiKey 5 NFC device to login.
I’ve now registered my YubiKey 5 NFC security key with various service accounts including 1password, Github, Twitter etc. However, some services like Amazon AWS IAM and Namecheap only allow either software authenticators like Google Authenticator/Authy or security keys and not both at the same time. There are many YubiKey setup guides available on official YubiKey site too.
Update: December 6, 2021. With recent WordPress Gravatar data breach leaking username, names and email addresses, also decided to register my Yubikey security keys for WordPress.com logins as well.