How do I use a physical security key to protect my account?

Published on Jan 10, 2025Updated on Apr 29, 20253 min read2,296

What is physical security key?

A physical security key is a type of hardware-based authentication used to verify account access and transactions. Unlike software-based options, physical security keys work offline and are not reliant on cloud services, minimizing risks like account takeovers or unauthorized access.

Why choose physical security key?

A physical security key provides an additional layer of protection, especially against potential vulnerabilities in software-based options like authenticator apps and passkeys. While software-based options offer convenience, they also come with potential risks:

  • Authenticator apps: if synced with cloud accounts (e.g., Google or Microsoft), losing access to the account could expose the authenticator. Device theft also poses a threat if lock-screen security is compromised

  • Passkeys: while more secure than passwords, they rely on third-party account synchronization and can be accessed if the linked device is stolen and unlocked

If you are new to this technology and considering using physical security keys, here are some advantages and limitations to keep in mind:

Advantages

Limitations

Operates offline, eliminating risks from cloud synchronization or third-party account breaches

You may need time to understand how to use the hardware

Operates offline, eliminating risks from cloud synchronization or third-party account breaches

The device must be carried for use

Cost-effective compared to setting up a dedicated device for authenticator apps

Loss of the device or PIN could still pose challenges

How do I use the hardware security key?

We support advanced authentication methods, including hardware security keys, to help protect your account. You can use a hardware security key in two main ways:

1. Passkey Based Authentication

Use your hardware security key to verify your identity during logins and key actions—such as withdrawals—offering an extra layer of security against unauthorized access. Here's how to set it up:

  1. Go to okx.com, open the menu, and select Profile & Settings

  2. Navigate to Security Center > Passkey > Add Passkey > Use other equipment or external key

  3. Follow the prompts to confirm your PIN and complete the binding process


Once set up, your hardware key can be used for secure logins, withdrawals, and other sensitive operations.

2. One-time CAPTCHA-based authentication

Similar to other traditional authenticators (for example, Google Authenticator or Microsoft Authenticator), which generates time-based one-time passwords (TOTP). To set it up:

  1. Go to Profile & Settings on okx.com

  2. Navigate to the Authenticator App binding page and copy the key provided

  3. Use your hardware device to store the key and generate verification codes


This method provides enhanced security for actions that require one-time password input.

Where can I use the physical security key?

At OKX, physical security keys can be used in two primary scenarios:

  • For Passkey-based authentication

  • To generate one-time passwords (OTPs) for enhanced security, similar to using a regular authenticator app like Google Authenticator or Microsoft Authenticator

How to purchase a trusted physical security key?

When purchasing a physical security key, ensure you choose reputable brands like YubiKey or Ledger from trusted retailers. These devices are designed to offer high security without relying on cloud synchronization and are compatible with OKX's authentication systems.

If you'd like to learn how to set up and use your physical security key after purchase, please refer to the official website of the retailer or manufacturer for detailed instructions.

Disclaimer
This content is provided for informational purposes only and may cover products that are not available in your region. It is not intended to provide (i) investment advice or an investment recommendation; (ii) an offer or solicitation to buy, sell, or hold crypto/digital assets, or (iii) financial, accounting, legal, or tax advice. Crypto/digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding crypto/digital assets is suitable for you in light of your financial condition. Please consult your legal/tax/investment professional for questions about your specific circumstances. Information (including market data and statistical information, if any) appearing in this post is for general information purposes only. While all reasonable care has been taken in preparing this data and graphs, no responsibility or liability is accepted for any errors of fact or omission expressed herein. Both OKX Web3 Wallet and OKX NFT Marketplace are subject to separate terms of service at www.okx.com.

© 2025 OKX. This article may be reproduced or distributed in its entirety, or excerpts of 100 words or less of this article may be used, provided such use is non-commercial. Any reproduction or distribution of the entire article must also prominently state: “This article is © 2025 OKX and is used with permission.” Permitted excerpts must cite to the name of the article and include attribution, for example “Article Name, [author name if applicable], © 2025 OKX.” No derivative works or other uses of this article are permitted.