Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Which don't? For all the big major ones I've used U2F with, they've supported multiple keys for a while (or since introduction). It's practically a requirement in case you lose a key..

To name a few off the top of my head: Google, GitHub, Gitlab, Facebook, 1Password, etc.




Vanguard (where my company has their 401k plan) is one I have encountered that only supports a single Yubikey.


Not sure when you last checked, Vanguard supports up to 4 security keys.


Oh, great news, thanks for letting me know!


I just think Vanguard doesn't let you fully disable SMS though right? (but I only checked like a year ago..)


AWS only supports a single U2F key at the moment.


Before this, both LastPass and 1Password said they supported U2F via Duo, but Duo only supported one key, so I could never use it.


If that's the case, it must have changed at some point. Lastpass and Duo both support multiple U2F keys, and have for at least a couple of years. I have two keys registered with Duo for login at my school and also through Lastpass's non-Duo U2F support.


My college uses Duo and it has no such restriction, if you tried this recently and couldn't add more than 1, it is probably set by LastPass/1Password.


Duo Free used to have a restriction of one device, but it seems for U2F they now require one of their paid plans: https://duo.com/product/trusted-users/two-factor-authenticat...


I didn't even realize they had a free tier, makes sense.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: