Photo by Shiro169

FIDO U2F

No, it's not a dog, not even a robot dog. It's a standardized protocol for second-factor authentication. So what does that mean? When you sign in on a website you have a username and, of course, a secure password. But as we know, passwords and usernames have a bad habit of ending up in the wrong hands. So if you are not careful, your accounts can be compromised if you use the same credentials on many sites. With second-factor authentication (2FA) there are three things which have to be compromised: username, password, and a temporary key. The temporary key is often something you physically have on you; it can be a little notebook with codes, a smartphone which generates a new code every time you want to sign in, or a hardware token. So to get access to your account, the attacker needs physical access to you. Often the attacker is someone who has bought a list of usernames and passwords and does not have physical access to you. If you are worried, you can search through the known published lists which have been leaked from breaches at haveibeenpwned.com.

Yubikey

That is one of the hardware tokens on the market. The thing with Yubikey is that it supports FIDO U2F, the protocol you read about earlier. This little key is a USB and NFC hardware dongle which you can use with your computer and phone to securely sign in on websites. Not all web services support U2F, so you have to choose wisely which services you want to use.

There are more features in this little USB dongle, which I will cover in a later post, so stay tuned.

Our friends

At the moment Google, Dropbox, GitHub, Sentry, GitLab and Bitbucket have added support for FIDO U2F in their services. For an updated list, check Dongleauth.

Bitbucket will have a 25% discount on Yubikeys for their users on Monday 27/6 2016.

Like what you read? Give Anders Lindén a round of applause.
