FIDO U2F

From MgmtWiki
Revision as of 13:51, 30 August 2018 by Tom

Full Title or Meme

A family of standards[1] for adding more factors to an existing interchange.

Context

This spec is partially succeeded by Web Authentication.

Problems

Existing Authentication protocols based on a User Name and Password are insufficient in a world where so many Users depend on the internet for so much of their daily lives. The first attempt at Multi-factor Authentication was Smart Cards using X.509 Certificates. This scheme worked for large Enterprises but was never accepted by regular Consumers of the internet.

Solutions

  • All solutions depend on Late Binding Tokens where, for an "account at a particular origin (of the Relying Party, such as http://www.company.com) the device creates a new key pair usable only at that origin and gives the origin the public key to associate with the account."
  • Universal Serial Bus (USB) tokens are now widely available; most allow late binding of the user to the Web Site that requires this factor of Authentication.
  • Other networks, like NFC or Bluetooth, are offered for small hand-held devices, but have not been as successful as the USB versions.
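
The late binding described in the first bullet can be modelled in a few lines; this is an added example, not code from the FIDO specifications or from this wiki. The `Token` class, the `signedData` layout and the origin `http://other.example` are assumptions made for illustration, and real U2F messages carry more fields than the two shown here.

```javascript
// Added illustration: simplified model of per-origin keys, not the FIDO wire format.
const crypto = require('crypto');

// Bytes covered by the signature: hash of the origin, then the server's challenge.
function signedData(origin, challenge) {
  const originHash = crypto.createHash('sha256').update(origin).digest();
  return Buffer.concat([originHash, challenge]);
}

// Hypothetical token: mints a fresh P-256 key pair at each registration.
class Token {
  constructor() { this.keys = new Map(); } // keyHandle -> { origin, privateKey }

  register(origin) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    const keyHandle = crypto.randomBytes(16).toString('hex');
    this.keys.set(keyHandle, { origin, privateKey });
    return { keyHandle, publicKey }; // the origin stores both with the account
  }

  // Refuses to sign when the key handle was minted for another origin.
  sign(origin, keyHandle, challenge) {
    const entry = this.keys.get(keyHandle);
    if (!entry || entry.origin !== origin) return null;
    return crypto.sign('sha256', signedData(origin, challenge), entry.privateKey);
  }
}

// Relying Party check against the public key it stored at registration.
function verifyAssertion(rpOrigin, publicKey, challenge, signature) {
  if (!signature) return false;
  return crypto.verify('sha256', signedData(rpOrigin, challenge), publicKey, signature);
}

function demo() {
  const token = new Token();
  const site = 'http://www.company.com';   // origin named on the page
  const other = 'http://other.example';    // constructed second origin
  const a = token.register(site);
  const b = token.register(other);
  const challenge = crypto.randomBytes(32);
  const der = (k) => k.export({ type: 'spki', format: 'der' });
  return {
    genuine: verifyAssertion(site, a.publicKey, challenge, token.sign(site, a.keyHandle, challenge)),
    refusedElsewhere: token.sign(other, a.keyHandle, challenge) === null,
    otherKeyAccepted: verifyAssertion(site, a.publicKey, challenge, token.sign(other, b.keyHandle, challenge)),
    distinctKeys: !der(a.publicKey).equals(der(b.publicKey)),
  };
}
console.log(demo());
```

Because each origin only ever sees its own public key, the two registrations cannot be linked by comparing keys, and a signature produced for one origin does not verify at the other.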

"Why Johnny Doesn’t Use Two Factor: A Two-Phase Usability Study of the FIDO U2F Security Key" https://fc18.ifca.ai/preproceedings/111.pdf

References

  • FIDO Index of /specs/ https://fidoalliance.org/specs/