Difference between revisions of "FIDO U2F"
From MgmtWiki
(→Solutions) |
(→Solutions) |
||
Line 9: | Line 9: | ||
==Solutions== | ==Solutions== | ||
+ | * All solutions depend on [[Late Binding Token]]s that "account at a particular origin (of the [[Relying Party]], such as http://www.company.com) the device creates a new key pairusable only at that origin and gives the origin the public key to associate with the account." | ||
* [[Universal Serial Bus (USB)]] tokens are now widely available, most allow late binding of the user to the [[Web Site]] that requires this factor of [[Authentication]]. | * [[Universal Serial Bus (USB)]] tokens are now widely available, most allow late binding of the user to the [[Web Site]] that requires this factor of [[Authentication]]. | ||
* Other networks, link NFC or Bluetooth are offered for small hand-held devices, but have not been as successful as the USB versions. | * Other networks, link NFC or Bluetooth are offered for small hand-held devices, but have not been as successful as the USB versions. |
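Review bot: the quotation in the added "Late Binding Token" bullet starts mid-sentence ("account at a particular origin ..."), so the lead-in "that "account at ..." does not parse. Quote the sentence from its beginning or reword the lead-in, name the source of the quotation, and fix the missing space in "pairusable".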
Revision as of 12:49, 30 August 2018
Full Title or Meme
A family of standards[1] for adding more factors to an existing interchange.
Context
This spec is partially succeeded by Web Authentication.
Problems
Existing Authentication protocols based on a User Name and Password are insufficient in a world where so many Users depend on the internet for so much of their daily lives. The first attempt at Multi-factor Authentication was Smart Cards using X.509 Certificates. This scheme worked for large Enterprises but was never accepted by regular Consumers of the internet.
Solutions
- All solutions depend on Late Binding Tokens that "account at a particular origin (of the Relying Party, such as http://www.company.com) the device creates a new key pair usable only at that origin and gives the origin the public key to associate with the account."
- Universal Serial Bus (USB) tokens are now widely available; most allow late binding of the user to the Web Site that requires this factor of Authentication.
- Other networks, like NFC or Bluetooth, are offered for small hand-held devices, but have not been as successful as the USB versions.
"Why Johnny Doesn’t Use Two Factor: A Two-Phase Usability Study of the FIDO U2F Security Key" https://fc18.ifca.ai/preproceedings/111.pdf
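The per-origin key pair described in the Solutions list, as an added example (not code from MgmtWiki or the FIDO specifications): a toy token and a relying-party check in Node.js. The names ToyToken, signedBytes, rpVerify and demo and the origin http://other.example are hypothetical, and handing the origin string directly to the token is a simplification of the browser's role.

```javascript
// Added illustration; ToyToken, signedBytes, rpVerify and demo are hypothetical names.
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest();
// Bytes covered by the signature: SHA-256(origin) || presence || counter || SHA-256(clientData)
function signedBytes(origin, counter, clientData) {
  const ctr = Buffer.alloc(4); ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(origin), Buffer.from([1]), ctr, sha256(clientData)]);
}

class ToyToken {
  constructor() { this.keys = new Map(); this.counter = 0; }
  // Registration: a fresh P-256 key pair that is remembered for this origin only.
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    const keyHandle = crypto.randomBytes(16).toString("hex");
    this.keys.set(keyHandle, { origin, privateKey });
    return { keyHandle, publicKey }; // the origin stores these with the account
  }
  // Authentication: refuse a key handle presented by any other origin.
  sign(keyHandle, origin, challenge) {
    const entry = this.keys.get(keyHandle);
    if (!entry || entry.origin !== origin) return null;
    const clientData = JSON.stringify({ challenge, origin });
    const counter = ++this.counter;
    const signature = crypto.sign("sha256", signedBytes(origin, counter, clientData), entry.privateKey);
    return { clientData, counter, signature };
  }
}

// Relying party: rebuild the signed bytes from its own origin and challenge.
function rpVerify(rpOrigin, account, challenge, resp) {
  if (!resp) return false;
  const cd = JSON.parse(resp.clientData);
  if (cd.origin !== rpOrigin || cd.challenge !== challenge) return false;
  if (resp.counter <= account.lastCounter) return false; // replayed or cloned response
  const data = signedBytes(rpOrigin, resp.counter, resp.clientData);
  if (!crypto.verify("sha256", data, account.publicKey, resp.signature)) return false;
  account.lastCounter = resp.counter;
  return true;
}

function demo() {
  const token = new ToyToken(), origin = "http://www.company.com"; // origin from the page
  const reg = token.register(origin);
  const account = { publicKey: reg.publicKey, lastCounter: 0 };
  const first = token.sign(reg.keyHandle, origin, "c1");
  return {
    ok: rpVerify(origin, account, "c1", first),      // genuine login
    replay: rpVerify(origin, account, "c1", first),  // same response presented twice
    otherOrigin: rpVerify(origin, account, "c2", token.sign(reg.keyHandle, "http://other.example", "c2")),
  };
}
```

Calling `demo()` returns the three outcomes: the genuine login verifies, while the repeated response and the request made from a different origin are both rejected.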
References
- Angelo Liao +1, Introducing Web Authentication in Microsoft Edge. (2018-07-30) Microsoft https://blogs.windows.com/msedgedev/2018/07/30/introducing-web-authentication-microsoft-edge/
- Also see the page FIDO UAF for the Universal Authentication description.