What is FIDO Universal 2nd Factor?
U2F was developed by Yubico and Google, and contributed to the FIDO Alliance after it was successfully deployed for Google employees. The protocol is designed to act as a second factor to strengthen existing username/password-based login flows. It’s built on Yubico’s invention of a scalable public-key model in which a new key pair is generated for each service and an unlimited number of services can be supported, all while maintaining full separation between them to preserve privacy.
What does it mean to be FIDO U2F Certified?
FIDO’s certification programs are a critical element in ensuring an interoperable ecosystem of products and services that organizations can leverage to deploy FIDO Authentication solutions worldwide. FIDO Alliance manages functional certification programs for its various specifications (e.g. U2F and FIDO2) to validate product conformance and interoperability. A FIDO U2F-certified device, such as a YubiKey, has gone through a full FIDO certification program and successfully meets all requirements
How does FIDO U2F work?
There are three main ways to use the FIDO U2F protocol in authentication: the first is passwordless or without a token, the second is with a hardware security key, the third option for mobile uses NFC with a security key. With the second option using your physical key, after you enter your username and password you’ll be prompted to enter your security key and simply tap and you’re in! With the third mobile option, there are security keys with NFC. After you enter your username and password all you need to do is tap or touch the registered device and you’re authenticated!
What are the advantages to U2F?
Decrease time to authenticate by > 4x
Reduce support desk costs by > 90%
No account takeovers when deployed fully
Made in Sweden and USA; secrets controlled by customers
Access to nearly 1,000 apps and services with no shared secrets
Water and crush-resistant; no network connection or batteries