Universal 2nd Factor
Universal 2nd Factor (U2F) is a new, open authentication standards initiative focused on scaling high security smart card technology beyond government and enterprise to every Internet user. U2F enables keychain tokens, mobile phones and other devices to securely access any number of web-based services – instantly and with no drivers or client software needed.
The U2F specifications were initially developed by Google, with contribution from Yubico and NXP, and are today hosted by the FIDO Alliance authentication standards organization.
The YubiKey NEO is the first authentication device to comply with U2F requirements, and has been successfully proven with thousands of daily users. By end of the year, we expect more than 200,000 YubiKey NEOs will be deployed within Google and elsewhere for U2F authentication.
How the YubiKey NEO works with U2F
Users will purchase their U2F compliant YubiKey NEO and register the device with any number of websites that supports U2F; these may include email, banking, government service, etc.
To authenticate, the user simply inserts the YubiKey NEO into their computer’s USB port, type their PIN or password in the login field and touch the YubiKey NEO to confirm that they are physically present and attempting to login.
To login to NFC mobile devices, the user just taps or swipes the Yubikey NEO to any NFC–enabled smartphone, tablet or computer. User authentication is done in an instant.
Benefits for the Internet user
- Superior security – Hardware PKI authentication and a user presence touch button protects against session hijacking, advanced Trojans, man in the middle, and malware attacks.
- Highest level of privacy – Introduces a truly user centric identity, where a user may own and control their own secure online identity. And each user can chose to have multiple identities, including anonymous (no personal information associated with the identity)
- Unmatched ease of use – A U2F device works out-of-the box, enabling authentication to any number of service in a simple touch. It identifies itself as a standard USB device and performs PKI encryption through the USB interface, which allows it to work on all platforms (Windows, OS X, Linux) with no drivers needed. With native support in browsers, starting with Chrome, the user will not have to install any software.
- Mobile – The user can carry their U2F device on a key-chain where it can be easily moved between any device and operating system with a USB or NFC interface, including a public computer. Eventually, we expect U2F to be integrated directly into mobile devices as well.
- Secure recovery – Users are recommended to sign-up at least two U2F devices to every service provider, which may also provide the user with a back-up code, should a U2F device be misplaced.
Benefits for the service provider
- Superior back-end security – No customer data or encryption secrets are shared between service providers, enabling a high privacy, high security and truly scalable eco-system.
- Open and interoperable –Developed to support a competitive market of component, token, software and service providers. With an open source server back-end option, the cost for integration can be minimized.
- Own or outsourced identity provider – Allows every service provider to be their own identity provider, or optionally provide authentication support through a federated service provider using SAML, oAuth, etc.
- Optional hardware distribution cost – As the user can buy the U2F devices directly, service providers do not need to purchase and distribute hardware to their users.
- Branding – For service providers who want to expose their brand to Internet users, U2F devices such as the YubiKey NEO can be designed in different colors, with printed logos, etc.