Questions tagged [fido-u2f]

FIDO Universal 2nd Factor (U2F) is a rapidly growing open authentication standard that provides greater login security for user accounts.

U2F is built to protect against phishing and man-in-the-middle attacks, allowing one U2F authenticator to access any number of services without any shared secrets. Since U2F has native support in platforms and browsers, there’s no need for drivers or client software.

In order to take advantage of the security improvements provided by U2F, you'll need to purchase a hardware key. You can purchase the U2F key of your choice from a range of vendors.

Two standards were created to envision a world without passwords:

  • YubiKey (dongle)
  • UAF (fingerprint, like iPhone 6)

YubiKey is a dongle that users carry to authenticate themselves. It is FIDO-compliant and supported by Google and many other software vendors that need strong authentication.

Questions with this tag should be about programmatically accessing the key and validating users, not about the device itself.

105 questions
3
votes
0 answers

DOMException: The operation failed for an unknown transient reason when trying webauthn

I want to implement a register/login system with webauthn. My server is running NodeJS (express) and my frontend is React. I am using the fido2-lib library on my backend. The problem is that when I call navigator.credentials.create, I get the error:…
dlllinks
3
votes
1 answer

How to disallow the FIDO Webauthn key registration from virtual authenticator browser extension

The virtual authenticator extension provided in Chrome (virtual authenticators tab) is used for testing / debugging the FIDO2 Webauthn authentication mechanism without using physical authenticator keys. This is useful in automated testing e.g. via…
PJW
3
votes
1 answer

FIDO2 compatibility with U2F/CTAP1

There are many sources that say FIDO2/CTAP2 is backward compatible with U2F: ...all previously certified FIDO U2F Security Keys and YubiKeys will continue to work as a second-factor authentication login experience with web browsers and online…
3
votes
2 answers

Getting a valid facetID for an Android app for using with com.google.android.gms.fido.u2f.api

I have two questions regarding the appID in the Android FIDO U2F API. Is it possible to use the facetID identifying my app directly or does it need to be an HTTPS URL pointing to a JSON containing valid facetIDs? I suspect that it may not be…
3
votes
1 answer

U2F with multi-facet App ID

We have been directly using U2F on our auth web app with the hostname as our app ID (https://auth.company.com) and that's working fine. However, we'd like to be able to authenticate with the auth server from other apps (and hostnames, e.g.…
Mike Campbell
2
votes
1 answer

FIDO2/WebAuthn "This security key doesn't look familiar."

I am playing with a YubiKey and JavaScript in-browser WebAuthn APIs. I am trying a very minimal "Hello, World!" example which just tries to do a minimal: navigator.credentials.create and then a navigator.credentials.get (with minimal, even…
Brad
2
votes
1 answer

Emulate U2F token for automated test of web login in Cypress

I want to automate login for a website that uses U2F with a USB security key, all on Cypress + TS. My script should emulate the key and pass it to the browser. For now I've been using https://github.com/github/SoftU2F which is a good solution, but still…
2
votes
1 answer

How to Get WebAuthn to Work with a Roaming Authenticator?

The W3C recently approved Web Authentication: An API for accessing Public Key Credentials, commonly referred to as WebAuthn. In section 6.2.1 the recommendation states, "For example, a platform authenticator integrated into a mobile device could…
user2782
2
votes
0 answers

How can I encrypt and decrypt a file using Yubico (public and private key)

I am trying to encrypt a file using the Yubico public key and decrypt it using the Yubico private key. But I am unable to generate a private and public key from Yubico. I have already developed some examples of FIDO2 with Yubico, but it is not working properly.
Solanki ram
2
votes
1 answer

Duplicate Registration of the same Yubikey U2F device

I have a doubt. I have set up a complete solution around the Yubico U2F keys. But now, I cannot stop duplicate registration of the same device for a user for the same app ID. While checking the key handles in my database, they show different values…
2
votes
1 answer

Incomplete Implementation of CTAP2 (FIDO2) protocol in Chrome?

I've been investigating the implementation of CTAP2 protocol with Google Chrome (protocol between Fido Authenticator and Fido Client (e.g. Chrome)), which should be supported in Chrome since version 69. So I dumped the chrome request to the…
watts
2
votes
0 answers

Using U2F from a custom Chrome extension instead of a regular web page

I want to use custom Chrome extension as a frontend for my service, and I need authentication via U2F. Seems like a legitimate use case, but I have some doubts whether it's possible. E.g. the rules for AppID say that AppID could only be https://...,…
Dmitry Frank
2
votes
2 answers

How can I create a user using htdigest without prompting for password

I'm writing a Dockerfile to build an image with apache2 and u2fval, and I need to create credentials for one user using apache2 digest. But the command: htdigest -c /whatever/myfile.digest "realm" user will always ask the user for a password, is there a…
2
votes
1 answer

FIDO U2F on a site with changing hostnames/IP addresses

I have a situation, where I want to implement FIDO U2F (using YubiKey) on an administrative interface to a load balancer, so that after login, in order to administer the system - U2F must be used as an extra layer of authentication. Over the life…
2
votes
0 answers

Simple HTTPS to HTTP proxy

I'm trying to test out U2F on Google Appengine. Unfortunately dev_appserver.py, the development app server for local testing, only runs in HTTP, and the U2F standard requires that the web server be connected over HTTPS. There are some options for…
Brian M. Hunt