What is FIDO U2F?
U2F is an open authentication standard that enables internet users to securely access any number of online services with one single security key instantly and with no drivers or client software needed.
Where did U2F come from?
FIDO U2F was created by Google and Yubico, with support from NXP, with the vision to take strong public key crypto to the mass market. Today, the technical specifications are hosted by the open-authentication industry consortium known as the FIDO Alliance. U2F has been successfully deployed by large-scale services, including Facebook, Gmail, Dropbox, GitHub, and many more. The next evolution of the FIDO U2F modern authentication protocol is FIDO2, which introduces passwordless authentication capabilities.
How it works – 3 options, 2 simple steps to authentication
Origin binding: defense against phishing
With a U2F-enabled Security Key, such as the YubiKey, user login is bound to the origin, meaning that only the real site can authenticate with the key. Authentication will fail on the fake site even if the user was fooled into thinking it was real. This greatly mitigates the increasing volume and sophistication of phishing attacks and stops account takeovers.
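The following Go simulation is an added example, not code from Yubico or the FIDO specifications; it shows why a login performed on a look-alike site is rejected by the real site's server. It assumes the app ID equals the web origin, fixes the counter at 1, and lets the same key sign on any origin (a real key also ties its key handle to the app ID); the function names and URLs are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// NewKey stands in for the credential key pair created at registration.
func NewKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// signedBytes: SHA-256(appID) | user presence | counter | SHA-256(clientData).
func signedBytes(appID string, clientData []byte) []byte {
	app, chal := sha256.Sum256([]byte(appID)), sha256.Sum256(clientData)
	msg := append(app[:], 0x01, 0, 0, 0, 1) // presence byte, counter = 1 (assumed)
	return append(msg, chal[:]...)
}

// Login simulates browser plus key on the page the user actually loaded.
func Login(key *ecdsa.PrivateKey, origin, challenge string) (cd, sig []byte) {
	cd, _ = json.Marshal(map[string]string{"typ": "navigator.id.getAssertion",
		"challenge": challenge, "origin": origin})
	h := sha256.Sum256(signedBytes(origin, cd))
	sig, _ = ecdsa.SignASN1(rand.Reader, key, h[:])
	return cd, sig
}

// Verify is the relying party's check against its own app ID and challenge.
func Verify(pub *ecdsa.PublicKey, appID, challenge string, cd, sig []byte) bool {
	var c map[string]string
	if json.Unmarshal(cd, &c) != nil || c["origin"] != appID || c["challenge"] != challenge {
		return false
	}
	h := sha256.Sum256(signedBytes(appID, cd))
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	key, site := NewKey(), "https://login.example.com" // constructed values
	for _, page := range []string{site, "https://login.examp1e.com"} {
		cd, sig := Login(key, page, "nonce-1")
		fmt.Println(page, "accepted:", Verify(&key.PublicKey, site, "nonce-1", cd, sig))
	}
}
```

Because the signature covers both the hashed app ID and the hashed client data, swapping in client data that names the real origin does not help: the signature made on the look-alike page no longer matches.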
What are the advantages to U2F?
Decrease time to authenticate by > 4x
Reduce support desk costs by > 90%
No account takeovers when deployed fully
Made in Sweden and USA; secrets controlled by customers
Access to nearly 1,000 apps and services with no shared secrets
Water and crush-resistant; no network connection or batteries
- Blog: Google Publishes Two-Year Study on Use of FIDO U2F Security Keys
- Blog: A milestone for wireless U2F
- Blog: FIDO U2F Now Offers Contactless, Tokenless, Passwordless Mobile Authentication
To learn more about U2F for developers, visit the Yubico Developer Program.