Token-based Two-Factor authentication

Tokens, U2F, and the real world

Gerhard Poul
Sep 23, 2015 · 2 min read

The use of two-factor authentication for personal use, even for online banking, never really caught on.

The only device that was at least slightly promising was the YubiKey, but there wasn’t really much adoption for it as the various operation modes all had their fair share of issues.

About a year ago Yubico released a token based on Universal 2nd Factor (U2F), a standardized protocol for hardware tokens. The token keeps a local key store in which each service that you authenticate with gets its own key, and the authentication itself is handled by a module built into the web browser.
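The per-service key model described above, as an added Node.js example that is not from the original post or from Yubico. `ModelToken`, `signedBytes`, `verifyAssertion`, the service names and the challenge are hypothetical, and an in-memory `Map` stands in for the token's hardware key store.

```javascript
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Bytes covered by a U2F authentication signature:
// SHA-256(appId) || user-presence byte || 4-byte counter || SHA-256(client data)
function signedBytes(appId, presence, counter, clientData) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([presence]), ctr, sha256(clientData)]);
}

class ModelToken {                       // hypothetical software stand-in for the hardware token
  constructor() {
    this.keys = new Map();               // key handle -> { appId, privateKey }
    this.counter = 0;                    // incremented on every signature
  }
  register(appId) {                      // fresh P-256 key pair per service
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    const keyHandle = crypto.randomBytes(32).toString('hex');
    this.keys.set(keyHandle, { appId, privateKey });
    return { keyHandle, publicKey: publicKey.export({ type: 'spki', format: 'pem' }) };
  }
  sign(appId, keyHandle, clientData) {   // refuses handles registered for another appId
    const entry = this.keys.get(keyHandle);
    if (!entry || entry.appId !== appId) return null;
    const counter = ++this.counter;
    const data = signedBytes(appId, 0x01, counter, clientData);
    return { presence: 0x01, counter, signature: crypto.sign('sha256', data, entry.privateKey) };
  }
}

// Relying party: rebuild the signed bytes from its own appId and the client data it issued.
function verifyAssertion(appId, publicKeyPem, clientData, assertion) {
  if (!assertion) return false;
  const data = signedBytes(appId, assertion.presence, assertion.counter, clientData);
  return crypto.verify('sha256', data, publicKeyPem, assertion.signature);
}

function demo() {                        // constructed service names and challenge
  const A = 'https://service-a.example', B = 'https://service-b.example';
  const token = new ModelToken();
  const a = token.register(A), b = token.register(B);
  const clientData = JSON.stringify({ challenge: 'constructed-challenge', origin: A });
  const assertion = token.sign(A, a.keyHandle, clientData);
  return {
    distinctKeys: a.publicKey !== b.publicKey,
    accepted: verifyAssertion(A, a.publicKey, clientData, assertion),
    acceptedUnderOtherKey: verifyAssertion(A, b.publicKey, clientData, assertion),
    crossServiceRefused: token.sign(B, a.keyHandle, clientData) === null,
  };
}
```

Calling `demo()` registers the same token with two services and shows that the keys differ, that an assertion made for one service verifies only under that service's public key, and that the token will not use one service's key handle for the other.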

It’s not ideal because it needs support in the browser, which the YubiKey historically didn’t need because it just worked as a USB keyboard entering the one-time tokens into any application, but I think it’s a very interesting approach.

This is why I bought two U2F tokens to try out, but unfortunately the only browser that added support for it in the last year was Chrome and the only web sites that added support for authentication with a U2F token were Google Accounts and Dropbox.

It is kind of sad that not even within the technology industry do we have enough enthusiasm for using such tokens. How will we ever encourage regular people to adopt them?
