FIDO U2F
From MgmtWiki
Full Title or Meme
A family of standards[1] for adding more factors to an existing interchange.
Context
This spec is partially succeeded by Web Authentication.
Problems
Existing Authentication protocols based on a User Name and Password are insufficient in a world where so many Users depend on the internet for so much of their daily lives. The first attempt at Multi-factor Authentication was Smart Cards using X.509 Certificates. This scheme worked for large Enterprises but was never accepted by regular Consumers of the internet.
Solutions
- All solutions depend on Late Binding Tokens that "account at a particular origin (of the Relying Party, such as http://www.company.com) the device creates a new key pair usable only at that origin and gives the origin the public key to associate with the account."
- Universal Serial Bus (USB) tokens are now widely available; most allow late binding of the user to the Web Site that requires this factor of Authentication.
- Other networks, like NFC or Bluetooth, are offered for small hand-held devices, but have not been as successful as the USB versions.
"Why Johnny Doesn’t Use Two Factor: A Two-Phase Usability Study of the FIDO U2F Security Key" https://fc18.ifca.ai/preproceedings/111.pdf
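The per-origin key pair described in the quoted passage above, shown as an added example (not code from the FIDO specifications or from this wiki) using a simplified in-memory model in Node.js. `ToyToken`, `rpVerify`, `demo` and the origins are hypothetical names, and the signed message is reduced to origin hash plus challenge, an assumption that omits the counter and user-presence fields of real U2F.

```javascript
// Simplified model of U2F late binding (added example; not the U2F wire format).
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

class ToyToken {
  constructor() { this.keys = new Map(); } // key handle -> { appParam, privateKey }

  // Registration: mint a fresh P-256 key pair bound to this one origin.
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    const keyHandle = crypto.randomBytes(32).toString('hex');
    this.keys.set(keyHandle, { appParam: sha256(origin), privateKey });
    return { keyHandle, publicKey: publicKey.export({ type: 'spki', format: 'pem' }) };
  }

  // Authentication: sign only when the requesting origin is the one the key was made for.
  sign(origin, keyHandle, challenge) {
    const entry = this.keys.get(keyHandle);
    const appParam = sha256(origin);
    if (!entry || !crypto.timingSafeEqual(entry.appParam, appParam)) return null;
    return crypto.sign('sha256', Buffer.concat([appParam, challenge]), entry.privateKey);
  }
}

// Relying Party check: the signature must cover its own origin and its own challenge.
function rpVerify(origin, publicKeyPem, challenge, signature) {
  if (!signature) return false;
  return crypto.verify('sha256', Buffer.concat([sha256(origin), challenge]), publicKeyPem, signature);
}

function demo() {
  const token = new ToyToken();
  const rp = 'https://www.company.com';      // constructed origins
  const otherOrigin = 'https://other.example';
  const reg = token.register(rp);
  const other = token.register(otherOrigin);
  const challenge = crypto.randomBytes(32);
  return {
    genuine: rpVerify(rp, reg.publicKey, challenge, token.sign(rp, reg.keyHandle, challenge)),
    otherOriginSigned: token.sign(otherOrigin, reg.keyHandle, challenge) !== null,
    crossKeyAccepted: rpVerify(rp, reg.publicKey, challenge, token.sign(otherOrigin, other.keyHandle, challenge)),
    distinctKeys: reg.publicKey !== other.publicKey,
  };
}

console.log(demo());
```

The token refuses to use the key handle registered for one origin on behalf of another, and each origin receives a different public key, so two Relying Parties cannot correlate the same device by key.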
References
- Angelo Liao +1, Introducing Web Authentication in Microsoft Edge. (2018-07-30) Microsoft https://blogs.windows.com/msedgedev/2018/07/30/introducing-web-authentication-microsoft-edge/
- Also see the page FIDO UAF for the Universal Authentication description.