FIDO U2F – Protecting Online Accounts
Are you concerned about losing account information by password theft, phishing, hacking, or keylogging scams? Now there is less to worry about.
The FIDO U2F Security Key by Yubico is a specially designed YubiKey, relying on high-security, public-key cryptography to provide strong authentication. Usernames and passwords are no longer enough to protect access to online accounts. The FIDO U2F Security Key is designed to insert it into any USB port, and works with any website that supports the FIDO U2F protocol, including Facebook, Google’s Gmail, Google Cloud and G Suite, GitHub, Dropbox, and Dashlane. And all it takes is a simple touch of a button!
How it works – 2 simple steps to authentication
- Enter your usual username and password in the login field of any app that supports FIDO U2F.
- Insert your Security Key in a USB port with the gold side up.
- Simply touch the gold button on the Security Key to generate your secure login credentials.
- Works seamlessly on Microsoft Windows, Apple Mac OS X, and Linux
- Touch the button to trigger security based on public-key cryptography: works instantly, no need to re-type passcodes from a device — replacing SMS texts, authenticator apps, legacy tokens, and similar devices
- Identifies as a USB HID device which is standard on all computers
- No client software or drivers need to be installed, no batteries, no moving parts — and works over USB
- Crush-resistant and waterproof; the Security Key is practically indestructible during normal use
- Weighs only 3g, and attaches to your keychain alongside your house and car keys
- Manufactured in USA and Sweden with high security and quality
Setting up the FIDO U2F Security Key
Facebook login: What is a security key and how does it work?
Google accounts: Gmail and Google Apps for Personal Use
GitHub account: How to Set Up Your YubiKey with GitHub
Dropbox account: Dropbox for Personal Use
Want to make sure you have the right Security Key? Verify you have a genuine Security Key by Yubico here!
More about the FIDO U2F Security Key
Each Security Key has an individualized secure chip which performs cryptographic functions triggered by a simple touch of the key. You never see the details, but behind the scenes FIDO U2F Security Key provides a unique public and private key pair for each application it protects. Only those keys can correctly complete the cryptographic challenge required for login.
The secure chip is of the same class as those used in SIM Cards, electronic passports, military electronic IDs and chip-and-pin credit cards. Like those devices, the chip is specially “hardened” so it’s extremely difficult to steal the secrets hidden inside. The secrets contained in the Security Key belong to the end-user exclusively and are never transferred, copied or stored by a service provider or any other application provider.
This is not a biometric device, instead it uses a capacitive sensor activated by the small bit of electricity the human body naturally produces.
More about Universal 2nd Factor (U2F)
FIDO U2F is an emerging open authentication standard, with native support in platforms and browsers. U2F breaks the mold for high security public key authentication, removing the complexity of drivers, specialized client software, and the traditional costly CA model. With FIDO U2F, one single YubiKey supports any number of online services, with no user information or encryption keys shared between the service providers. Learn more about FIDO U2F.
More from Yubico
Take a look at our other Yubico YubiKeys, which support a range of authentication methods and security features in different combinations and form factors including one-time passwords, OATH, Challenge-Response, smart card functionality (including OpenPGP and PIV), MIFARE, and Near-Field Communications.
Learn more about integrating FIDO U2F protocol with your online service at developers.yubico.com
What is Security Key and how do I get one?
The Security Key by Yubico relies on high-security, public key cryptography using the same tried and trusted hardware from Yubico. As U2F protocol support begins to spread across internet applications, the same Security Key will work with other U2F-enabled applications. The keys are available worldwide from Amazon.com and the Yubico store.
Can I use my Security Key with multiple Gmail Accounts?
Yes, the same FIDO U2F Security Key can be used to secure multiple Gmail accounts.
How many services can the Security Key be associated with?
There is no practical limit to the U2F secured services the Security Key can be associated with. During the registration process, the key pairs are generated on the device (secure element) but the key pairs are not stored on the Security Key. Instead, the key pair (public key and encrypted private key) are stored by each relying party/service that initiated the registration. Therefore, this approach allows for an unlimited number of services to be associated with the Security Key.
Can I use the U2F YubiKey I have for Gmail and other Google Accounts with Dropbox?
Yes!! The same U2F YubiKey can be used with any number of services and there is no practical limit to the U2F-secured services the FIDO U2F Security Key, Yubikey 4, and Yubikey NEO can be associated with.
During the registration process, the key pairs are generated on the device (secure element) but the key pairs are not stored on the YubiKeys. Instead, the key pair (public key and encrypted private key) are stored by each relying party/service that initiated the registration. Therefore, this approach allows for an unlimited number of services to be associated with the U2F-certified YubiKeys.
This means the same U2F-enabled YubiKey you use for Gmail or G Suite can be used with your Facebook, GitHub, and Dropbox accounts.
Can I log in to my Gmail account on my mobile device?
The YubiKey NEO includes the NFC transport, which is standard on most Android devices.
What browsers support the U2F-certified YubiKeys?
You must be running the latest version of the Google Chrome browser, which includes support for the U2F protocol. To check the version number, in your browser, click the Chrome menu in the toolbar, then select About Google Chrome. (Support for U2F is in versions 38 and later.)
At this time, Chrome is the only browser supported. However, Mozilla is currently building support for U2F and Microsoft is working within the FIDO Alliance to eventually bring support to Windows 10.
Can I use my Security Key to enable strong 2-factor authentication for my enterprise?
Any online service or application can integrate with the U2F protocol. Several of our partners, including Okta and Duo Security, offer enterprise server solutions supporting U2F. Learn more about Yubico’s Featured Integrations.
Is the YubiKey a biometric device?
No. The touch of a finger provides a small electrical charge that activates the key. There are no false positives/negatives to worry about.
How can I setup my Linux instance for use with U2F?
If you have a Security Key (blue color), follow these instructions:
- Go to https://github.com/
- Download or create a copy of the file named 70-u2f.rules into the Linux directory /etc/udev/rules.d/ (if this file already exists, ensure that the content matches the one provided on github.com/Yubico in the previous link)
- Save your file.
- Reboot your system.
Why doesn’t the YubiKey Personalization Tool recognize my Security Key?
The YubiKey Personalization Tool is used to program YubiKeys such as YubiKey 4 and YubiKey NEO, which offer other protocols in addition to U2F. The FIDO U2F Security Key by Yubico is a U2F-only device that cannot be programmed.