Questions tagged [fido-u2f]

FIDO Universal 2nd Factor (U2F)—a rapidly growing open authentication standard, allows greater user account login security

U2F is built to protect against phishing and man-in-the-middle attacks, allowing one U2F authenticator to access any number of services without any shared secrets. Since U2F has native support in platforms and browsers, there’s no need for drivers or client software

In order to take advantage of the security improvements provided by U2F, you'll need to purchase a hardware key. You can purchase the U2F key of your choice from a range of vendors

2 standards were created to envision a world without passwords:

YubiKey (dongle)
UAF (fingerprint, like iPhone 6)

YubiKey is a dongle that users carry to authenticate themselves. Compliant with FIDO, supported by Google and many other software vendors who need strong authentication.

Questions with this tag should be about programmatically accessing the key and validating users, not about the device itself.

Related links

Overview: https://www.yubico.com/applications/fido/
FIDO specs: https://fidoalliance.org/specifications/overview/
GitHub U2F docs: https://help.github.com/articles/configuring-two-factor-authentication-via-fido-u2f/

105 questions

votes

2 answers

How do I use FIDO U2F to allow users to authenticate with my website?

With all the recent buzz around the FIDO U2F specification, I would like to implement FIDO U2F test-wise on a testbed to be ready for the forthcoming roll out of the final specification. So far, I have a FIDO U2F security key produced by Yubico and…

google-chrome authentication fido-u2f

asked Oct 29 '14 at 18:07

761838257287

votes

2 answers

Which websites support U2F?

FIDO Alliance's Universal 2nd Factor (U2F) is a new and promising approach to replace passwords. The FIDO Alliance comprises of many players but so far only Google website seems to support it. Are there other websites I can use to login with my U2F…

authentication fido-u2f

asked Jan 14 '15 at 06:28

jans

1,768
3
17
22

votes

4 answers

FIDO U2F tokens Web Browsers compatibilty

I'm trying to integrate U2F Authentication in GWT project and I need to know if is this solution compatible with all new web browsers (Firefox, Internet Explorer, Safari...)? Normally in Google Chrome I've to install a plugin that's called "FIDO U2F…

browser web-applications fido-u2f

asked Mar 18 '15 at 10:03

Abdessamad Doughri

1,324
2
16
29

votes

2 answers

Bundler error message "Revision master does not exist in the repository"

When trying to install the gem "u2f" from the repo at "castle/ruby-u2f" I get an error message: Fetching git://github.com/castle/ruby-u2f.git fatal: Needed a single revision Revision master does not exist in the repository…

bundler fido-u2f

asked Aug 19 '16 at 01:39

Les Nightingill

5,662
1
29
32

votes

1 answer

U2F support without the U2F Chrome extension

I've started fiddling around with U2F and it's looking really promising. Got myself some security keys and started digging into it. I've managed to create a working register/login demo website which works well using the U2F tokens and the U2F Chrome…

javascript google-chrome google-chrome-extension fido-u2f

asked Nov 26 '14 at 20:20

Mihai Caracostea

8,336
4
27
46

votes

2 answers

Check browser for U2F capability

Is there a way to check whether a browser supports U2F or not? I know that right now, Chrome is the only browser that officially does U2F, but there are addons for Firefox and there may also be customized browsers which may have gotten U2F. I don't…

javascript authentication fido-u2f

asked Jan 27 '16 at 23:37

My1

votes

1 answer

Firebase Fido2 Authentication Support

I know that Google's Firebase/Firestore platform supports multiple authentication methods/backends, but I'm not currently seeing any option for Fido2 or WebAuthn for Firebase Authentication. Does anyone know if Google has a timeline to release…

firebase fido-u2f webauthn

asked Dec 10 '18 at 16:36

ELCormier

votes

1 answer

Does Chrome on Android support User Verification on security key using Webauthn / FIDO2?

I'm building a site that is using Webauthn for passwordless log in. Currently, this is working great on Chrome for Windows and macOS. I'm using a YubiKey 5 to test my implementation which supports using a PIN to provide User Verification instead of…

android google-chrome fido-u2f webauthn fido

asked Aug 24 '19 at 22:01

petschekr

1,293
1
13
19

votes

2 answers

Android WebView Support WebAuthn?

I am not an android developer and stuck at an android thing. I hope someone here can help me out. I am implementing WebAuthn/FIDO2 on my website, which is working perfectly fine with the browsers. But when I open my website in my android app…

android fido-u2f webauthn fido

asked May 22 '19 at 13:35

Priyanka

votes

1 answer

Unable to use AppId extension with WebAuthn for previously registered U2F keys

With the eminent demise of the u2f api, I'm trying to move to WebAuthn APIs using the AppId extension to support security keys previously registered with U2F. As best I can tell from reading the docs I think I am doing it correctly, however, when…

webauthn fido-u2f

asked Nov 16 '21 at 17:02

Phillip

votes

0 answers

Unable to register U2F token from the Chromebook login window

We have our own SSO server which has the feature to allow U2F token registration from within the authentication process. This feature works well on a PC using Chrome (with or without the U2F browser extension). It also works well when used from the…

javascript authentication google-chrome-os chromebook fido-u2f

asked Jun 23 '15 at 02:32

user5038420

votes

0 answers

FIDO2 on Android using Xamarin

We have an android app using Xamarin and webview. Our customers use the app to connect to their own server and would like to use FIDO2 passwordless sign-on; they currently use username and password. Is there a solution for this out there? Where…

android xamarin fido-u2f

asked Feb 21 '20 at 22:16

taysoren

votes

2 answers

Mobile Authenticator using CTAP2 specifications

I am looking for the use case/scenario for setting up a smart phone as an authenticator using CTAP2 specifications. I am looking for the use case in which a user setup the browser to interact with their smart phone the same way it would when using…

authentication mobile fido-u2f webauthn fido

asked Aug 06 '19 at 15:33

mehak

votes

3 answers

How do you implement FIDO U2F using Webauthn APIs?

I am currently using the window.u2f APIs to implement U2F two-factor authentication with my website. These are natively available in Firefox (when the about:config flag is enabled) and through Chromium with the u2f-api.js library. My implementation…

fido-u2f webauthn

asked Dec 05 '18 at 20:41

kspearrin

10,238
9
53
82

votes

1 answer

Wildfly 10 BouncyCastleCrypto ECDSA key spec not recognized

I am adding support for FIDO U2F to my J2EE application (which is basicaly securing login with hardware token). I am using library from yubico, u2flib-server-core, which handles cryptographic operations in protocol using BouncyCastleCrypto. Hovewer,…

java jakarta-ee wildfly bouncycastle fido-u2f

asked Mar 27 '16 at 21:14

Martin Hlavňa

2 3 4 5 6 7 Next