# Security Keys

Keeper Administrators can enforce the use of FIDO2 security keys, and require that a security key can be used as the *only* 2FA method. Security Keys can be enforced for any type of account, including Master Password-based login and SSO login.

{% embed url="<https://vimeo.com/902413875?share=copy>" %}
Security Key as the Only 2FA Method
{% endembed %}

Administrators can also require the use of PIN associated with the hardware key.

Screenshot below:

<figure><img src="https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2FWJdg0bKUcq23IEwb2UY4%2FScreenshot%202023-10-03%20at%202.30.08%20PM.png?alt=media&#x26;token=de314052-1387-4cda-a95e-6bc6d30c9d4f" alt=""><figcaption><p>Two-Factor Authentication Enforcement</p></figcaption></figure>

### Important Notes Regarding Security Key Enforcement

Enforcing the use of a FIDO2 hardware security key has several implications for users which admins need to be aware of.

1. Support for enforcing a FIDO2 Security Key can vary based on the device operating system and device firmware capabilities. Ensure you are using the latest operating system and Keeper version.
2. Keeper supports both plug-in and NFC keys on mobile devices. Documentation and support for security keys is available on our end-user guide for [iOS](https://app.gitbook.com/s/-LSGVtOTYUIkVBoYtFvK/ios#fido2-webauthn-security-keys) and [Android](https://app.gitbook.com/s/-LSGVtOTYUIkVBoYtFvK/android#fido2-webauthn-security-keys).
3. Troubleshooting Keeper with Security Keys on iOS is [documented at this link](https://app.gitbook.com/s/-LSGVtOTYUIkVBoYtFvK/troubleshooting/hardware-security-keys-on-ios)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/en/enterprise-guide/roles/security-keys.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.