Karl`s PC Help Forums Last active: Never
Not logged in [Login ]
Go To Bottom

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Printable Version | Subscribe | Add to Favourites   Post new thread Poll:
Author: Subject: FYI: FIDO Universal 2nd Factor (U2F) Encryption
JackInCT
Custom User Title
*******




Posts: 1416
Registered: 21-4-2007
Theme: KF Blue (Default)
Member Is Offline

Mood: No Mood

[*] Post 506264 posted on 15-1-2017 at 18:01 Reply With Quote
FYI: FIDO Universal 2nd Factor (U2F) Encryption



FYI: FIDO Universal 2nd Factor (U2F) - Strong In-The-Browser Authentication For The Mass Market

A media article about this tech, and the security it offers, caught my eye today.

Advisory: This is heavy duty technical reading; the gear to deploy this tech is available for home users, and not expensive, but, speaking for myself, not only is a considerable amount of reading up on it in order, it's pretty boring/dry/and often 'over my head' stuff.

A Google type search of "FIDO Universal 2nd Factor (U2F) protocol" will produce a very large number of hits, including Wiki hits, and ditto re YouTube. And Amazon has this gear available.

Because of the highly technical nature of this topic, just what hit will make it comprehensible, will involve a good deal of trial and error flipping through the hits.

To begin with, for the unitiated, tech know-how wise, this tech definitely falls into the category of 'can it really deliver what it, superficially, appears to be capable of'? Secondly, what does it take, cognitively, to not just understand what its strengths are, but also what its limitations are [and not wind up getting dinged by expecting, naively, more than it can accomplish]. And if deployed by an end user, how does one decide if it's more trouble than its worth relative to the security risks this tech seems to "eliminate" (to include if that's a realistic probability, not to mention whether the malicious persons on the web, will sooner or later, figure out how to defeat it).

The following is just one one attempt at a summary explanation, i. e., there are many hits that attempt to explain it:

Universal 2nd Factor (U2F) is a new, open authentication standard focused on adding public-key cryptography to existing password authentication mechanisms, offering high security with friction-less user experience. U2F represents a crucial step in driving the rapid adoption of strong authentication technology, where the user can now use a simple password/passcode, which even if compromised, does not compromise the user's identity. The three elements involved are, the user possessing an authenticator, a client that can take the form of a web browser and the relying parties providing services leveraging the built-in U2F support in the web browser. The elegance of the protocol lies in the fact that the user in possession of the authenticator can authenticate to any number of web-based services using only one device, without the need to install any drivers or client software. The added benefit of U2F also lies in the simplicity of how this protocol can be easily integrated into an existing password authentication model.

JackInCT has attached this image.
Click the image to enlarge it:

Click Image To Enlarge
View User's Profile View All Posts By User
Katzy
Anything you like
*******


Avatar


Posts: 7564
Registered: 23-7-2002
Theme: Coffee
Member Is Offline

Mood: Fintlewoodlewix.

[*] Post 506266 posted on 15-1-2017 at 21:51 Reply With Quote


I can see the Feds loving this...
View User's Profile View All Posts By User
JackInCT
Custom User Title
*******




Posts: 1416
Registered: 21-4-2007
Theme: KF Blue (Default)
Member Is Offline

Mood: No Mood

[*] Post 506267 posted on 15-1-2017 at 22:33 Reply With Quote


Quote:
Originally posted by Katzy
I can see the Feds loving this...


You will note that I used the phrase, "the malicious persons on the web"; I must have had a lapse and forgot to spell out/include in such a group what you posted. Thank You very much.
View User's Profile View All Posts By User
Post new thread Poll:

Guest Notice
You are a guest, as a guest you can only see a maximum of 3 posts per thread.

If you want to see the rest, please click here to register.