FIDO U2F Now Offers Contactless, Tokenless, Passwordless Mobile Authentication

January 6, 2016 3 minute read

2016 is the year when FIDO U2F will unfold its promise of a “universal” second factor.

Successfully deployed with Gmail, Dropbox, and GitHub in 2015, the U2F open standard is now expanding to mobile devices. At the ShowStoppers @ CES (Consumer Electronics Show) event in Las Vegas, Yubico is demonstrating the first FIDO U2F-certified, NFC-enabled YubiKey device as well as a software-based U2F mobile client that brings public key cryptography to both consumer and enterprise mobile users with a tokenless and passwordless experience.

Near Field Communication (NFC) was developed as an open standard more than a decade ago, and is today supported in all leading mobile platforms and hundreds of millions of mobile devices. Designed for contactless identification and authentication, NFC has also successfully found its way into mobile payment systems and credit cards.

The YubiKey NEO is now the first device certified for U2F mobile authentication over NFC. GitHub is pioneering support for mobile U2F for their users, combining a username and password with a simple tap of the YubiKey to an NFC-enabled mobile device. And later this year, the first U2F devices with Bluetooth will enter the market, addressing high-security login from iOS devices where NFC capabilities currently are limited to systems owned by Apple.

Also at Showstoppers @ CES, Yubico is demonstrating a software-based U2F mobile client that does not require additional hardware. It’s designed for both iOS and Android, the second factor can be a password or the fingerprint used to unlock the phone, enabling the first tokenless and passwordless user experience for FIDO U2F. While external hardware authenticators, without internet connections, offer the highest level of identity protection, this software-based U2F mobile client does provide a heightened level of security compared to a static username and password login. For example, an online bank that adds supports for U2F allows its mobile users to perform lower-value transactions using the U2F mobile client only, while higher-value transactions would require U2F hardware authentication.

As a co-author and driving contributor to the FIDO U2F open standard, Yubico’s mission is to make secure login easy and available for everyone, while safeguarding privacy. The YubiKey NEO is available today at Amazon and Yubico web store  for $50 in single quantity retail price. During the coming spring, Yubico will be piloting the FIDO U2F mobile client with large-scale service providers.

Want more interesting reading on FIDO U2F?

How journalists and human rights organizations use FIDO U2F to protect their identity
How Google reduced time, support costs, and fraud with FIDO U2F

Share this article:

Recommended content

Thumbnail

Future-Proofing Authentication and Compliance for Healthcare Organizations

Healthcare continues to remain one of the most highly targeted industries by cyber criminals. In fact, with the COVID-19 pandemic, the industry has seen a doubling of the number of cyber attacks – attacks which are both costly ($9.23 million, on average) and disruptive. What’s even more troubling is that these attacks are likely to ...

Thumbnail

Put Your Finger on the Pulse of What’s New with the YubiKey Bio Series

Today, we are announcing the YubiKey Bio Series, Yubico’s first-ever YubiKeys supporting biometric authentication. The YubiKey Bio was first previewed at Microsoft Ignite in 2019 where we showed a live demo of passwordless sign-in to Microsoft Azure Active Directory accounts. We’ve taken the time to ensure that we are launching products that are highly secure ...

Thumbnail

GitHub no longer accepts passwords for Git authentication, secure your accounts with YubiKey

GitHub has been a longstanding supporter of strong security for its customers and developer communities. From its most recent support for using U2F and FIDO2 security keys for SSH, to its 2019 announcement of Web Authentication (WebAuthn) support for security keys and 2015 Universal Second Factor (U2F) support, the company has continued to give its ...

Thumbnail

Modern Authentication for the Federal Government: Enabling Mobile, Secure Authentication in Zero Trust Environments

Learn how DOD approved hardware security keys such as the YubiKey are ideal to fill PIV and CAC related authentication gaps across the federal government, and meet the MFA mandate in the Biden Executive Order 14028.