A YubiKey security key can be purchased from Yubico for as little as $20 (in the case of their “Security Key by Yubico” product):
A few days after Binance announced that it had suffered a security breach on May, Binance CEO Changpeng Zhao (aka “CZ”) said via a “Security Incident Update” published on Binance’s blog that the Binance team was “making significant changes to the API, 2FA, and withdrawal validation areas”, and as a result, it would be improving Binance’s two-factor authentication (2FA) by implementing support for hardware-based security keys such as Yubico’s YubiKey devices, and that in fact, Binance would be giving away “1,000 YubiKeys as soon as that feature is implemented.”
Then, on June 27, CZ sent out a tweet that told Binance users that YubiKey support had been implemented and it was in the beta testing stage. He also explained that Binance was at that time only using a YubiKey device (for those customers that had set one up for their accounts) for verifying withdrawals:
— CZ Binance (@cz_binance) June 27, 2019
On the same day, a Binance support article explained how users could use a YubiKey device for 2FA.
The next day, a Binance blog post announced that Binance had added support for two-factor authentication (2FA) through hardware security keys,” and that this was ” in addition to the SMS and Google Authenticator options supported on the website and apps.”
Furthermore, this post explained that the “Binance website, both on desktop/laptop and mobile, now supports the FIDO2 open authentication standard,” which means that “2FA devices that support this standard, like YubiKey, Trezor, and others, can be used as security keys” for Binance accounts. It also said that Binance’s mobile apps would be adding this feature in the future.
Earlier today, Binance sent out a tweet to notify users that they can now use 2FA via security keys for “Withdraw & API”, “Log In”, and “Password Reset”); Binance also, once again, recommended using a YubiKey device as a security key:
You may now enable authentication via security key for:
Withdrawal & API
— Binance (@binance) July 22, 2019
Featured Image Courtesy of Binance. YubiKey Device Image Courtesy of Yubico.