U2F now available on #gandiV5

Oct 10, 2017  - written by  in Security

Since 2013 we’ve offered two-factor authentication on Gandi accounts. Since then, the technology has evolved. The U2F (Universal 2nd Factor) standard has simplified and strengthened two-factor authentication, notably through the use of physical USB or NFC “keys”. On #gandiv5, you now can use your U2F key to authenticate your session.

This is an announcement we’re quite excited about. Today actually marks four years to the day that we announced the introduction of two-factor authentication on our platform so it’s only fitting that we’d be announcing that we’ve caught up with the latest technology.

A U2F “key” creates an added layer of security, as the key is physically stored on a device uniquely for this purpose which can be inserted into a USB port or detected by an NFC reader.

With the introduction of this option at Gandi, now is as good a time as any to secure your Gandi domains and other products with this added security layer. In fact, we recommend it.

Activating U2F on your Gandi account is pretty straightforward. Just go to “Your account“, under “Security.” Then, click on “Manage your U2F authentication,” then click on the “Add a new key” button, name your key, click Continue, insert your U2F key if you haven’t already, and that’s it.

For a more detailed walk through with screenshots, see our documentation. Otherwise, if you need help setting this up, feel free to contact our Customer care team, who are more than happy to help.

Leave a Reply

    My web site was stolen during the summer of this year. Some dubious group took it over and I could not access it. I contacted you as I’m fully paid up to next February and I got no help at all from you (administration) I had 20 years of my work on the web site and it was devastating to be helpless. Most of my work I still have but there are pieces I have lost for good. It will take me a long time to begin to get my work together again to put on another web site. Anyway, I am still disappointed that you did not even try to help me.


      Very sorry to hear about that. I looked into your ticket history with our support team and found the support tickets in question. It seems like the confusion comes from differentiating between domain name registration and website hosting. Our support team reported, and I was able to confirm that their assessment was correct, that while your domain is registered at Gandi, you have used a third-party DNS provider and website hosting for several years. That means that as much as we would have liked to have helped you, our support team gave you the best advice possible in this situation: to contact your website hosting provider. Again, we’re very sorry to hear that your website was lost, that’s a shame. But rest assured if we could have done more to help, we definitely would have.

      Jason gibson

      Help with security pkeade


      For any assistance, especially if it’s security-related, you should open a ticket with our customer care team here: help.gandi.net

    Chris Hills

    How can I remove TOTP once I have set up U2F (I have a minimum of 2 keys set up on my gandiv5 account as a precaution).. As an experiment, after adding my keys, I turned off and on the 2 factor authentication, and it seems to have reset the TOTP key. It should be possible to select 2fa methods. Even better would be to allow the choice of methods for certain security critical operations (e.g. require both TOTP and U2F to change domain contacts).


      Yes, turning TOTP off and on will reset the seed. As for requiring TOTP/U2F for security-critical operations on domains, the clientUpdateProhibited domain status effectively blocks any domain updates until this status is removed from the domain (at the registry). At the moment, the only way to activate this status is by requesting that from our Corporate services team (https://v4.gandi.net/corporate/buy). That said, being able to add and remove that status, with authentication via U2F or TOTP would actually be a great feature. I’ll suggest it.

    Edward OC

    It is highly confusing to the user when you enroll U2F keys and the 2FA enable checkbox remains disabled. Can you please fix your UX?!

      Edward OC

      I forgot to add – Gandi email accounts are still 1FA despite having enrolled U2F keys so the support isn’t quite complete


    The lack if 2FA at gandi mail it is very unacceptable nowadays. what are you waiting for?