John Salter

Our Plans for YubiKey NEO & U2F

This is a common question for Yubico these days as media and end-users discuss recent password breaches and explore the promise of two-factor authentication combined with the standard Universal 2nd Factor (U2F) protocol from the FIDO Alliance.

Well I can tell you that the light you see at the end of the strong authentication tunnel is most definitely YubiKey NEO with U2F support. This is a powerful combination that begins to prove the viability and power of FIDO’s U2F protocol and the important role YubiKeys claim with support of the standard. We are truly moving toward one authentication key that can support 2FA to many services.

We are nearly ready for release except for some last minute issue resolution and Q&A reviews. Or said another way, we are close enough to spill some of the details. I can tell you what we have developed is a NEO update (version 3.3) that supports the latest U2F v2 review specification, including the USB protocol. Specifically, we have support for U2F over (raw) HID (human interface device). Version 3.3 also continues support for OTP and CCID modes (from version 3.2), or any combination of those two and U2F.

For the implementer, we are publishing software that allows you to build your own U2F ready authentication server. This will include Python-libraries for talking to U2F devices and Python-libraries for doing the U2F server-side crypto. We are releasing C and Java libraries as well, since that can be integrated in many environments. In addition, our demo service will be expanded to include U2F demo capabilities. When Chrome v38 goes into production, it will have support for YubiKey NEO v3.3.

We also will upgrade the YubiKey NEO Manager GUI to support mode-switching between OTP/CCID/U2F modes. We have already released new versions of the YubiKey Personalization library/tools, YubiKey NEO Manager library/tools, and YubiKey Cross-platform Personalization, and they all support the new 3.3 NEO version.

When will this be available? Our estimated time of arrival is by the end of October. Keep in mind, however, there are outside dependencies that could shift this timeframe, but I can assure you that the arrival of 3.3 will be a good day. We truly believe that U2F support will be the opening salvo on an entirely new generation of strong authentication — one that is simple to use and secure enough for a range of use cases across any enterprise.

Comments are closed.