Questions tagged [fido-u2f]

FIDO Universal 2nd Factor (U2F) is a rapidly growing open authentication standard that allows greater user account login security.

U2F is built to protect against phishing and man-in-the-middle attacks, allowing one U2F authenticator to access any number of services without any shared secrets. Since U2F has native support in platforms and browsers, there’s no need for drivers or client software.

To take advantage of the security improvements provided by U2F, you'll need to purchase a hardware key. You can purchase the U2F key of your choice from a range of vendors.

2 standards were created to envision a world without passwords:

  • YubiKey (dongle)
  • UAF (fingerprint, like iPhone 6)

YubiKey is a dongle that users carry to authenticate themselves. It is compliant with FIDO and supported by Google and many other software vendors who need strong authentication.

Questions with this tag should be about programmatically accessing the key and validating users, not about the device itself.

105 questions
0 votes, 1 answer

Erlang :crypto, oid to NamedCurve

When I am decoding a certificate, I get the following data: {:OTPSubjectPublicKeyInfo, {:PublicKeyAlgorithm, {1, 2, 840, 10045, 2, 1}, {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}}} I know by doing some quick googling that the namedCurve corresponds…
tomciopp
0 votes, 1 answer

Wso2 Identity server 5.3.0 and fido token

I am using WSO2 IS 5.3. I integrated it with U2F. When I use it in authentication, it gives me a blank page (https://localhost:9443/authenticationendpoint/fido-auth.jsp), but when I use it with the previous version it works well! What is the problem…
0 votes, 1 answer

U2F FIDO - application & challenge parameter

When a user wants to register his device, the relying party provides some parameters, which are: a challenge, appID, version of protocol. The user then performs a "user presence test" by touching the button on his device, sending that information…
QBl
0 votes, 2 answers

Why is U2F login a two-step protocol?

In theory, logging-in with a registered token could be accomplished in a single step... server sends challenge with the login form user responds with username, password and signed challenge. However the FIDO protocol adds an additional…
Les Nightingill
0 votes, 1 answer

U2F with fat java client

I was wondering whether it is possible to run U2F with a fat java client, as I had no luck finding any java libraries that allowed sending queries to the authenticator token. Is such support possible or planned?
Marek Puchalski
0 votes, 0 answers

Physical security item with Google Chrome

The scenario: a user attaches a USB pen drive or something else and a webapp allows the user to work with the tabs. If that object is detached then the webapp will deny any operation. I've seen FIDO U2F but it doesn't really work because the user…
JoséMi
0 votes, 1 answer

How To Get Public and Private Key of U2F Token (eg. Yubikey Neo) in Java

I am trying to create an application that can retrieve the public and private key from a U2F token such as Yubikey Neo in Java language. I tried using a simple Scanner in the console to get anything from the Yubikey Neo but it would not work as it…
Ihsan Haikal
0 votes, 1 answer

Retrofit not attaching body to request

I'm building a U2F-compliant client that simply needs to send a JSON object with the following structure to a POST URL: { challenge: [Base64-encoded String of 32 bytes], registrationData: [Base64-encoded String of variable bytes] } Here is an…
Sam Claus
0 votes, 1 answer

How would I bind a cookie to a TLS session in IIS/OWIN to make channel bound cookies?

Channel bound cookies prevent the concept of bearer tokens, and bind a cookie to a specific TLS channel. How would this be implemented in OWIN, ASP.NET 5, or ASP.NET 4.x?
makerofthings7
0 votes, 0 answers

Is it possible to use native pin code/pattern to login a remote system?

I am designing an android app where I can login in multiple ways: password, pin code, pattern, fingerprint.. While password login implementation is easy, the server will check against the password, authenticate the user and manage the login…
cloudyian
0 votes, 1 answer

FIDO U2F: independence of signature method?

Can the FIDO U2F standard be implemented with an arbitrary signature method? I couldn't find any information if a specific method needs to be used. Further question: is it possible to send multiple public keys to the relying party at the…
P. Sherman
0 votes, 1 answer

U2F JavaScript for Client Side in GWT (JSNI)

I'm trying to get response from U2F Token in GWT project using this source code: public class Test implements EntryPoint { @Override public void onModuleLoad() { Window.alert("Alert 3:"+u2FTest()); } public static native…
Abdessamad Doughri
0 votes, 1 answer

using u2f-api.js Client Side Test

I'm trying to show the registration response from a Fido U2F token on an alert (Google chrome V41) like so: