Tag: FIDO U2F security key

Ecosystem Showcase: How ID proofing, identity federation, and strong authentication protect digital identities

According to the NIST SP 800-63-3, digital identity is “the online persona of a subject.” Unlike personal identity, an individual can convey multiple digital identities across various networks and communities. In other words, one person can have one digital identity for their work email and another for a social media account. Given the possibility of

Thumbnail

Oct 12, 2017

The key to GDPR compliance and online privacy protection

The EU General Data Protection Regulation (GDPR) is a new set of mandates aimed to protect the privacy of internet users. From May, 2018, any organization operating, storing or processing data of EU citizens will be subject to the requirements. With the threat of hefty fines of €20M or 4% of worldwide turnover for non-compliance,

Thumbnail

Oct 3, 2017

Creating the Unphishable Security Key

How the FIDO U2F security key and YubiKey stop phishing and man-in-the-middle attacks Security is never stronger than its weakest link, and that weakest link is often the user. Not surprisingly, phishing attacks that target users are increasing not only in volume, but also in sophistication. Google knows that. Recently, the search giant updated their

Thumbnail

Sep 22, 2017

Firefox Nightly enables support for FIDO U2F Security Keys

This week, Mozilla enabled support for FIDO U2F (Universal 2nd Factor) security keys in the pre-beta release of Firefox, Firefox Nightly. Firefox is the second largest internet browser by user base. In the near future, 80% of the world’s desktop users, including Chrome and Opera users, will benefit from the open authentication standard and YubiKey

Thumbnail

Jun 22, 2017

NIST publishes new authentication standards, FIDO U2F achieves AAL3

After a year of review, the National Institute for Science and Technology (NIST) today released version 3 of its latest digital identity guidelines, outlining a number of updates that play to the multi-protocol functionality of the YubiKey. NIST Special Publication 800-63 Revision 3 covers guidelines on identity proofing and authentication of users (such as employees,

Thumbnail

Jan 24, 2017

3 Top Things to Consider When Implementing FIDO U2F With Your Service

Now more than ever, security must be built into everything. By leveraging open standards, instead of building security protocols from the ground up, organizations can provide strong authentication faster than ever before. We created the Universal 2nd Factor (U2F) protocol together with Google several years ago and offered it the world for free along with

Thumbnail

Dec 28, 2016

U2F Security Key Cuts Google AdWords Fraud

After a successful deployment of FIDO U2F enabled YubiKeys for all its staff, Google is now seeing the benefits of offering the technology to its customers with AdWords accounts. Hijacking of online advertising accounts not only costs customers whose accounts get bumped offline, but Google loses revenue when those accounts are dormant. The Association of

Thumbnail

Google Extends Multi-Factor Authentication Options With Prompt

Google yesterday released a third option for its two-step verification, complementing the Google Authenticator phone app and FIDO U2F Security Keys. This release supports moving from two-factor to a true multi-factor authentication offering Google Prompt is a push app for mobile authentication, similar to two-factor push solutions offered by others like Duo Security. There is

Thumbnail

May 8, 2016

U2F, OpenID Connect Align For Mobile Authentication

A year ago, Yubico described a cord-cutting mobile world where hard-wired ports were not needed to accommodate the security benefits of strong authentication. Since then, growth in the mobile device market has continued its explosion, including 1.4 billion smartphones shipped worldwide in 2015, according to IDC. Couple this development with standards work by the FIDO

UK Becomes the First Government to Offer Secure Online Identities Based on FIDO U2F Standards

Compromised online identities have reached a level that has exposed the weaknesses in usernames and passwords as well as traditional software security solutions. Government services around the world have a growing demand for strong two-factor authentication, but traditional hardware technologies have been too costly and complicated to scale for most countries and internet users. The