Questions tagged [fido-u2f]

FIDO Universal 2nd Factor (U2F)—a rapidly growing open authentication standard, allows greater user account login security

U2F is built to protect against phishing and man-in-the-middle attacks, allowing one U2F authenticator to access any number of services without any shared secrets. Since U2F has native support in platforms and browsers, there’s no need for drivers or client software

In order to take advantage of the security improvements provided by U2F, you'll need to purchase a hardware key. You can purchase the U2F key of your choice from a range of vendors

2 standards were created to envision a world without passwords:

YubiKey (dongle)
UAF (fingerprint, like iPhone 6)

YubiKey is a dongle that users carry to authenticate themselves. Compliant with FIDO, supported by Google and many other software vendors who need strong authentication.

Questions with this tag should be about programmatically accessing the key and validating users, not about the device itself.

Related links

Overview: https://www.yubico.com/applications/fido/
FIDO specs: https://fidoalliance.org/specifications/overview/
GitHub U2F docs: https://help.github.com/articles/configuring-two-factor-authentication-via-fido-u2f/

105 questions

vote

1 answer

How to enable web app U2F via NFC on mobile

If you attempt to login to github on mobile web, it automatically detects that it's a mobile device and lets you authenticate using a NFC key. I cannot find any documentation for implementing NFC 2FA for mobile web, anyone know how this is…

asked Dec 08 '19 at 15:18

user1130176

1,772
1
23
33

vote

1 answer

Cannot register a U2F key with javascript & python APIs

I'm trying to implement U2F authentication devices in my django app. The primary issue now is, all of my front-end registration calls fail. I'm using the u2f-api.js script and the python-u2flib-server python script to implement this. I am…

javascript django fido-u2f

asked Apr 18 '19 at 14:00

rob

2,119
1
22
41

vote

1 answer

How do I use from security token for FIDO?

I have a USB security token, that is used for generate key-pair and save secure data in it's memory. Communication with this token is by c++ library. Like readMemory() and writeMemory() also genKeyPair(). I want to use this token in FIDO solution.…

two-factor-authentication fido-u2f fido

asked Dec 12 '18 at 12:07

VOLVO

vote

3 answers

FIDO - How does the FIDO server verify the integrity of inbound public key during registration phase/ceremony?

Trying to wrap my head around the FIDO protocol suit. Premise Authenticator has a master private key(also called attestation key) During the registration ceremony, authenticator signs the challenge and a couple of other parameters along with the…

pki fido-u2f webauthn fido

asked Oct 13 '18 at 09:11

riceplatereddy

vote

1 answer

FIDO U2F in offline environment

I want to use the U2F protocol for an offline application. This application has no connection to the internet, and I was wondering if its even possible to use U2F in an offline environment, as it requires some origin. Please note localhost is…

offline fido-u2f

asked May 31 '18 at 08:33

Lars Dormans

vote

1 answer

How to be FIDO Compliant with existing registration / login functionality

I have existing website with Registration & Login functionality. I want to make this process FIDO Compliant with implementation of UAF / U2F and later FIDO2. Unfortunately couldn't find step by step series of tutorials.I want to implement this using…

fido-u2f fido webauthn

asked Apr 19 '18 at 05:31

Khalid Bin Noor

vote

0 answers

Errors with U2F in Electron

When loading a file:///path/to/index.html via Electron, I get the two following errors: chrome-extension://kmendfapggjehodndflmmgagdbamhnfd/u2f-comms.html Failed to load resource: net::ERR_NOT_IMPLEMENTED Failed to execute 'postMessage' on…

electron fido-u2f

asked Mar 15 '18 at 12:02

jeanpaul62

9,451
13
54
94

vote

0 answers

FIDO U2F Key: Sign authentication challenge in Chrome returns error code 4 (works in FF)

We are trying to add authentication via Yubico FIDO U2F Security Key to our admin website. This works in FireFox with the U2F add-on installed but signing a challenge (using javascript) to log in keeps returning {errorCode: 4}. Does anyone know…

challenge-response fido-u2f yubico

asked Jun 09 '17 at 14:50

Dean Voets

vote

3 answers

Multi Factor Authentication WSO2

I am trying to achieve MFA in WSO2. I made changes as per the below link but nothing worked, https://docs.wso2.com/display/IS510/Multi-factor+Authentication+using+FIDO I am a bit confused, do we need a physical U2F device to achieve this MFA? Are…

authentication wso2 fido-u2f wso2-identity-server

asked Apr 06 '16 at 05:51

John Seen

vote

2 answers

Fingerprint scanning using FIDO UAF for mobile application

I am member of FIDO alliance. I'm working on one Mobile application where for security purpose I would like to include fingerprint scanning. I have referred to all documents available / provided by FIDO UAF for user management.. and that is exactly…

java android fingerprint scanning fido-u2f

asked Jan 02 '16 at 11:16

Kirtikant Patadiya

vote

1 answer

Laravel 5 Multi-Factor Authentication

I'm looking at implementing two-factor authentication for one of my projects. I've seen: https://github.com/bitbeans/Yubikey https://github.com/antonioribeiro/google2fa https://github.com/lahaxearnaud/laravel-u2f And I want to leave the choice up…

php authentication laravel-5 two-factor-authentication fido-u2f

asked Jun 28 '15 at 21:59

Will G

vote

2 answers

U2F multi-facet AppID not working in Chromium v40.x

I use U2F to authenticate users to the web service. When I deploy U2F with a single-facet AppID in the form of "https://example.com" everything works great. However, when I try providing multi-facet AppID to Chrome browser during the Yubico key…

security google-chrome fido-u2f

asked Feb 28 '15 at 03:27

Slawomir

3,194
1
30
36

vote

1 answer

U2F Application ID (Facet ID) for a web site

The u2f dev guide leaves this part unspecified: will a single-facet AppId without the www prefix work for a visitor who accesses the site with the www-prefix? Will browsers consider them a match? If not, I believe there are two alternatives for U2F…

two-factor-authentication fido-u2f

asked Jan 03 '15 at 15:14

Slawomir

3,194
1
30
36

votes

1 answer

How can I use hardware keys (Yubikey and Titan Key) with multiple applications?

I am developing a Saas application, that implements the 2 Factor Authentication feature, using hardware keys (Yubikey, Titan Key), using WebAuthn/U2F protocol. The feature is working well for registering and authenticating in web version. However,…

flutter mean-stack webauthn fido-u2f yubikey

asked Aug 17 '23 at 11:51

Zohra

votes

0 answers

fido_dev_make_cred returns success but attstmt and authdata are null

Trying to perform registration using my YubiKey 5C Nano device. I have a YubiKey 5C Nano device with PIN set. Product details - YubiKey OTP+FIDO+CCID. I tried to use fido_dev_make_cred(device, cred, pin), this returns a FIDO_ERR_SUCCESS but the…

macos rust webauthn fido fido-u2f

asked May 01 '23 at 04:37

hyoyin_Kyuoma

Prev 1 2 3

5 6 7 Next