Questions tagged [fido-u2f]

FIDO Universal 2nd Factor (U2F) is a rapidly growing open authentication standard that allows greater user account login security.

U2F is built to protect against phishing and man-in-the-middle attacks, allowing one U2F authenticator to access any number of services without any shared secrets. Since U2F has native support in platforms and browsers, there's no need for drivers or client software.

To take advantage of the security improvements provided by U2F, you'll need to purchase a hardware key. You can purchase the U2F key of your choice from a range of vendors.

Two standards were created to envision a world without passwords:

  • YubiKey (dongle)
  • UAF (fingerprint, like iPhone 6)

YubiKey is a dongle that users carry to authenticate themselves. It is compliant with FIDO and supported by Google and many other software vendors who need strong authentication.

Questions with this tag should be about programmatically accessing the key and validating users, not about the device itself.

105 questions
2
votes
2 answers

Is it possible to use an Android phone as a 2FA device?

Is it possible to use Android as a 2FA device, like the 2-factor YubiKey sticks? Seems like it should be possible since I know Android is capable of connecting as a USB accessory.
dbkaplun
2
votes
2 answers

U2F integration with multiple FacetIDs without Chrome Extension but u2f-api.js

I try to implement U2F into my web application. Since the application is available with more than one URL, I have to add a JSON file with valid FacetIDs as described in the spec. Yubico has a shorter summary of that spec on their…
MichaelS
2
votes
1 answer

Wrapping an exception when wrapping a third-party library

I have come across a small issue while I was making a simple API for the backend code of registration and login in a website with a FIDO device. I am basically wrapping the yubico u2f library and making it even simpler to use. The problem that I…
Aki K
2
votes
2 answers

Fido U2F client side javascript source code

I'm looking for a JavaScript source code (client side) to make communication between Fido U2F token and Google Chrome (Version 41.0.2272.89 m). Please help me
1
vote
1 answer

How to use U2F with NextJS

I am trying to implement U2F in my NextJS project. Currently I am using NextJS 13 (beta). I already have the server side code working with the u2f library but how do I implement it on the client side? const U2F = require("u2f"); const Express =…
hantoren
1
vote
1 answer

Limit accepted cross-platform authenticators WebAuthn API

I'm currently creating a POC for WebAuthentication and I'm looking at a scenario where we could use cross-platform authenticators as a 2FA method. So essentially: user logs in to their account on the site, and proceeds to register an authenticator…
Charise
1
vote
0 answers

Implement Fido2 in Android and iOS using React Native

I want to enable Fido2 authentication for passwordless login for my app. I read about Fido2, but did not get proper information and the documentation is not clear, how to create the server and how it verifies the data and all. What I get till now…
DevPy
1
vote
0 answers

Migrating U2F to WebAuthn in PHP

Since Chrome is not going to support U2F anymore, I've been tasked with migrating our authentication to WebAuthn for Yubikeys. We were using https://github.com/Samyoul/U2F-php-server and I've found https://github.com/lbuchs/WebAuthn to replace it…
Sarah
1
vote
1 answer

Getting credential from yubikey for passwordless

Just started to play around yubikey, my question is based on the following assumptions: Passwordless doesn't need to know the username, based on the following demo. Based on this doc, the allowedCredentials can be omitted. I registered the yubikey by…
James Lin
1
vote
1 answer

How to Reset WebAuthn (FIDO) Dongle Password?

I am implementing WebAuthn for my website and I set the userVerification: "required". I set a password on my dongle. How can I reset my dongle password?
1
vote
0 answers

(Why) are there no FIDO keys with displays?

Since FIDO keys have no displays, you can only use them to authenticate yourself, not to authorize some action (you don't know what action you'd be authorizing). Or, if you want to authorize something, you need to trust your browser that it is…
Sebastian
1
vote
0 answers

problem with 2-step verification in gmail using FIDO U2F virtual authenticator

I am developing an application for Android smartphones to perform WebAuthn authentication using the FIDO U2F protocol over the NFC interface. For reference purposes I use a Yubikey 5 NFC Token. The application creates a virtual token and supports the FIDO U2F NFC protocol…
Evgeniy
1
vote
3 answers

FIDO2 key without user presence check

Is it possible to have a FIDO2 USB key which I can use as a second factor without requiring me to perform the user presence check? All the keys I've checked so far (YubiKey, Solo Keys, etc.) require me to tap them. The intention is to use such a key…
Max Maier
1
vote
1 answer

Cannot Generate U2F Public/Private Keypair for ssh : FIDO_ERR_RX

I'm currently experiencing issues generating a U2F public/private key-pair in the terminal with the following command: ssh-keygen -t ecdsa-sk -vv Running this command provides the following error: Generating public/private ecdsa-sk key pair. You may…
Zentrios
1
vote
1 answer

How can I replace navigator.credentials.create request or response parameters through a Chrome extension?

I am working on a Chrome extension to modify U2F create request parameters from a web service. Is it possible to replace navigator.credentials.create request or response parameters through a Chrome extension? I couldn't find resources related to…