While cyber crime is escalating, rapidly increasing the propensity for data and identity theft, new systems to strengthen security are being developed in a virtual arms race to provide personal and commercial protection. Universal 2nd Factor, or U2F, is one of the weapons that has been developed for this fight.
U2F is an open authentication standard that makes two-factor authentication easier to use. It uses a special USB or NFC device, which employs technology comparable to that of smart cards.
Where most accounts and websites only need one password to log into the system, two-factor authentication complicates the process for a hacker by introducing a new step of verification. Simple versions of this include codes sent via SMS when you join a website or PayPal putting a cent into your bank account to verify that it belongs to you.
Authentication factors usually come in three different forms: things you know, such as a PIN code, a second password or a security question; things you have, such as a phone that receives a code via SMS or a landline that receives a code verification call; and things you are, such as a fingerprint or retina ID. While passwords may seem relatively safe, data shows that people tend to use the same password for 65% of their online systems, including banking and purchasing.
Moreover, an alarming number of people tend to use personal data for the content of their password, making them easy to crack using something as simple as a free online password cracker. These two-step systems mean that if a hacker has one password, they need the second piece of data or the physical device (i.e. the phone) to complete the process, limiting the possibility of entry.
U2F looks to simplify this process. Current two-factor authentication protocols vary from system to system, from social media to banking to online purchases. U2F is the open, universal standard for producing physical ‘keys’ which would be the second authentication step, allowing access by plugging the key into the computer.
This is an extremely important development. While even certain two-factor authentication processes can be hacked using modern technology and techniques, handing the security over to a tangible token prevents a hacker from being able to access any data without physically holding the key. Moreover, a U2F device can detect if a ‘man in the middle’ hacker is trying to intercept the login process and will stop working to prevent a hack.
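The man-in-the-middle protection described above rests on the browser recording the origin it is really talking to inside the data the key signs, so a login relayed through a look-alike site fails the server's checks. The Python below is an added example, not code from the original article or from the U2F project: the origin, challenge value and function names are constructed for illustration, and verification of the key's ECDSA signature over `signed_bytes()` is assumed to be done separately with a crypto library.

```python
import hashlib
import json
import struct

APP_ID = "https://login.example.com"   # constructed relying-party origin / appId
ALLOWED_ORIGINS = {APP_ID}

def make_client_data(origin: str, challenge: str) -> bytes:
    """What the browser builds: it fills in the origin it is really talking to."""
    return json.dumps({"typ": "navigator.id.getAssertion",
                       "challenge": challenge, "origin": origin}).encode()

def check_client_data(client_data: bytes, issued_challenge: str) -> str:
    """Server-side checks on the client data returned with a U2F login."""
    try:
        data = json.loads(client_data)
    except ValueError:
        return "reject: malformed client data"
    if not isinstance(data, dict) or data.get("typ") != "navigator.id.getAssertion":
        return "reject: wrong message type"
    if data.get("challenge") != issued_challenge:
        return "reject: challenge mismatch"   # stale or replayed response
    origin = data.get("origin")
    if not isinstance(origin, str) or origin not in ALLOWED_ORIGINS:
        return "reject: origin mismatch"      # login was relayed via another site
    return "ok"

def signed_bytes(app_id: str, presence: int, counter: int, client_data: bytes) -> bytes:
    """Bytes the key's signature covers:
    SHA-256(appId) | user-presence byte | 4-byte counter | SHA-256(client data)."""
    return (hashlib.sha256(app_id.encode()).digest()
            + struct.pack(">BI", presence, counter)
            + hashlib.sha256(client_data).digest())

if __name__ == "__main__":
    challenge = "Y29uc3RydWN0ZWQtbm9uY2U"   # constructed sample challenge
    genuine = make_client_data(APP_ID, challenge)
    relayed = make_client_data("https://login.example.com.lookalike.test", challenge)
    print(check_client_data(genuine, challenge))
    print(check_client_data(relayed, challenge))
    # The origin is inside the signed data, so it cannot be rewritten afterwards
    # without invalidating the signature.
    print(signed_bytes(APP_ID, 1, 7, genuine) != signed_bytes(APP_ID, 1, 7, relayed))
```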
This advancement in security is important for individual cyber safety, preventing phishing and other types of identity theft, but it also helps to significantly protect businesses. While an individual employee may think their password is uncrackable, to others it may seem extremely simplistic, especially if they use it multiple times across varying systems.
Often people use the same password for Facebook as they do on their work computer. In this case, an intermediate-level hacker with a basic password cracking program would be able to enter the entire web system using one person’s password. If a hacker is able to enter a system through an individual’s poor password choice, they can infect an entire network, gaining access to a wealth of information through one weakened entry. Employing U2F keys helps to prevent this by taking the human error of poor password choice out of the equation and introducing a failsafe physical system, which cannot be mimicked remotely.
U2F was originally invented by Google and Yubico, but the FIDO Alliance now manages the standard. Yubico first began working on a security key in 2008, but the idea of U2F devices wasn’t realized until the development of U2F in 2012. Jakob Ehrensvard, CTO of Yubico, introduced the concept of an authentication device which would work on a whole number of services.
In 2014 Google launched support for the concept in Chrome, while also publishing the code for the technology as open source, allowing others (browsers, websites etc.) to follow suit. This has led services such as Dropbox, Firefox by Mozilla, Dashlane, Salesforce, and GitHub to create supporting structures for this new system of authentication.
To conclude, U2F is the move forward for password authentication, especially in business. It creates a physical and most unbreachable barrier to remote hackers, protecting data while also saving time on finding authentication emails and SMS messages, consolidating the process through U2F keys.