The paper outlines Google’s use of FIDO U2F-based Security Keys, manufactured by Yubico, to harden security, improve user satisfaction, and cut support costs. Those words, however, are broad terms that need definition in order for consumers and enterprises to form opinions and make educated buying choices.įIDO Universal Second Factor (U2F) is no different, so Google recently published a research paper titled “Security Keys: Practical Cryptographic Second Factors for the Modern Web” to quantify the benefits the internet giant found in using U2F-based two-factor authentication. Maybe I'll order a Yubi Key Neo and play around with it.Key words often associated with two-factor authentication focus on simplicity, privacy, and security. I've looked at some Yubi keys in the past. I use Google 2-factor all the time for work and personal use. If so, do you have a link to the documentation? Will there be/is there an JS API that can be used for other users, or this strictly a Google thing? Will an additional factor be permitted to be used in conjunction with the physical device ? I think this is important in the same way as a PIN is required for a debit card. There are many scenarios where having a physical USB key is preferred to a mobile device.
This is a great new offering to help boost adoption of 2-step authentication. How about selling these in the Play Store?! :D Will the USF compatabile USB Device need to be connected to the Computer at all times, or once login is complete can the USB device be disconnected? This would be much better, if users could use drives they already have. I have a drawer full of USB drives, why should I have to purchase another one. I would be keen to add this to my accounts going forward. Hiya, is this functionality in the UK also. I wish there's a possible way to use USB flash disks with the U2F protocol. You can't get "out of band" with anything that you "plug in" - that's simply connecting it directly to the same threats.īy the way - for everyone reading this comment - please know that, if you are reading this, Google had the grace to allow this to be published here ("all comments published must be approved by the blog author") - and if you are reading this, that I'm grateful that they allowed my opinions to be aired, despite me being critical - thanks! Strong authentication needs to be out-of-band, and support transaction signing, and work everywhere, or there's no point using it.
Remember Mt.Gox? That's Yubico's most public failure so far :-)
Good luck plugging a USB key into your iPad, or letting your security-sensitive workplace let you plug arbitrary USB keys into your workstation, or convincing your bank that you really did not send your entire balance to Nigeria, even though you signed that transaction with a tap, etc etc. Is this to help the people or a new spy mechanism from Google/NSA? But can we use it to get access to Google accounts with other browsers too?
0 kommentar(er)
