Adding phishing proof passwordless authentication with #FIDO2/#WebAuthn and #U2F
Ackermann Yuriy
Hey guys. I am Yuriy. An engineer from FIDO Alliance. You have probably heard about us. We are the organisation behind the U2F protocol that Google reported killed employee phishing: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing.
Our organisation has developed a secure, seamless, phishing proof, passwordless authentication standard called FIDO2. Or some people may call it WebAuthn. WebAuthn is the JS API part of FIDO2 in the browsers, and it is supported by Chrome, Edge and Firefox.
I was a happy customer of yours for many years and I felt like you guys are so great and innovative that adding FIDO2 support to your multifactor authentication instead of TOTP would be a great idea, since TOTP is susceptible to phishing.
We have a tutorial https://slides.com/fidoalliance/jan-2018-fido-seminar-webauthn-tutorial
I wrote blog posts on attestation and assertion verification: https://medium.com/@herrjemand/verifying-fido2-responses-4691288c8770
We have good deployment stories: https://engineering.linecorp.com/en/blog/fido-at-line/
And we have a helpful and friendly community that will be able to help you if you get stuck *)
Regards. Yuriy
Whitney Jutzin
Merged in a post:
Support login by U2F (Yubikey, Trezor, ...)
Honza Pobořil
Support the most secure way to log in to services.
This is the reason why I prefer AWS for the most critical applications.
John Mulhausen
Merged in a post:
Please, add security keys for F2A
Fanfan
Implementing physical security keys like Yubikeys will improve the security of the accounts a lot!
This is a priority feature because it protects our accounts!
Thanks.
Merged in a post:
FIDO U2F Authentication
Zach Queal
YubiKey released their U2F standard (Universal 2nd Factor) hardware key which allows single touch two factor authentication for products and services.
The current software two factor authentication is really great, however, U2F is far easier and involves a single touch to activate and record. This should be a layered approach giving users with U2F enabled the fallback of 2FA via software token. Google has this implemented already and it's very simple to use.
More Information:
Merged in a post:
[2FA | Security Keys] - Integrate Yubico Key for 2FA With DO
Khayrattee
I think it is high time you offer yubico integration.
Please work on it, it's not a choice, but a necessity.
This post was marked as open