Security Encyclopedia

FIDO U2F Authentication (UNIVERSAL SECOND FACTOR)

FIDO U2F is a second-factor authentication specification created by the FIDO Alliance. It defines the steps that an authenticator held by the user must perform at the time of authentication, when that user requests access to a digital resource, as well as the process a server-side component follows to verify that the authentication succeeded.

FIDO2 is traditionally leveraged within security keys that contain a private key (typically an ECDSA key) used to sign challenges issued by a FIDO U2F certified server, which then verifies the signature using the corresponding public key. With the release of an updated FIDO specification, FIDO2, U2F has been relabeled as Client to Authenticator Protocol (CTAP1).
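The challenge signing and server-side verification described above, as an added Node.js example that is not from the original page or from FIDO Alliance or HYPR code; it also shows why a response produced on a look-alike origin is rejected. The function names, the example.com origins and the hex-encoded challenge are assumptions, the AppID is taken to be the site origin, and key handles and attestation are omitted.

```javascript
// Added example, not from the original page: simplified U2F/CTAP1 sign and verify.
// Assumption: the AppID is the site origin; key handles and attestation are omitted.
const crypto = require("crypto");
const sha256 = (d) => crypto.createHash("sha256").update(d).digest();

// Signed bytes: appParam(32) | presence(1) | counter(4, big-endian) | challengeParam(32)
function signedData(appId, presence, counter, clientData) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([presence]), ctr, sha256(clientData)]);
}

// Browser plus authenticator: `origin` is the site the browser is actually on.
function authenticate(key, origin, challenge) {
  key.counter += 1;
  const clientData = JSON.stringify({ typ: "navigator.id.getAssertion", challenge, origin });
  const data = signedData(origin, 1, key.counter, clientData);
  const signature = crypto.sign("sha256", data, key.privateKey); // DER-encoded ECDSA
  return { clientData, presence: 1, counter: key.counter, signature };
}

// Server: returns "ok" or the name of the first check that failed.
function verify(reg, appId, expectedChallenge, resp) {
  const cd = JSON.parse(resp.clientData);
  if (cd.challenge !== expectedChallenge) return "challenge mismatch";
  if (cd.origin !== appId) return "origin mismatch";
  if ((resp.presence & 1) !== 1) return "user not present";
  const data = signedData(appId, resp.presence, resp.counter, resp.clientData);
  if (!crypto.verify("sha256", data, reg.publicKey, resp.signature)) return "bad signature";
  if (resp.counter <= reg.counter) return "counter did not increase";
  reg.counter = resp.counter;
  return "ok";
}

function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const key = { privateKey, counter: 0 }; // held on the security key
  const reg = { publicKey, counter: 0 };  // stored by the server at registration
  const appId = "https://login.example.com", lookalike = "https://login.example.net"; // constructed
  const challenge = () => crypto.randomBytes(32).toString("hex"); // U2F itself uses websafe base64
  const c1 = challenge(), c2 = challenge();
  const good = authenticate(key, appId, c1);
  const relayed = authenticate(key, lookalike, c2); // signed while on the wrong origin
  const rewritten = { ...relayed, clientData: relayed.clientData.replace(lookalike, appId) };
  return { genuine: verify(reg, appId, c1, good), resent: verify(reg, appId, c1, good),
           wrongOrigin: verify(reg, appId, c2, relayed),
           rewrittenOrigin: verify(reg, appId, c2, rewritten) };
}
console.log(demo());
```

Because the origin is covered by the signature, editing the client data after signing does not help: the server recomputes the signed bytes with its own AppID and the ECDSA check fails.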

Example:

“Our employees were falling victim to phishing attacks, so our security team enforced the use of FIDO U2F Devices. Since we started using FIDO U2F tokens as authenticators, we’ve seen a significant decrease in phishing attacks.”

Image:

HYPR True Passwordless FIDO2 Yubikey Login