At the Federal Identity Forum (FedID), which is where new technologies and trends are discussed by American federal agencies and the identity community, the U.S. government adopted for the first time the FIDO Universal 2nd Factor (U2F) authentication protocol.
The U2F protocol was one of the main protocols designed and developed by the FIDO Alliance, a group of companies working on standardizing biometric and two-factor authentication protocols. The U2F protocol has already been adopted by hardware authentication token makers such as Yubico, the co-author of the U2F standard, which also sells the popular Yubikey tokens (with or without the new U2F standard).
Major service companies such as Google, Facebook, and Dropbox have also adopted U2F authentication, but most of these companies' implementations have been weakened by allowing SMS code retrieval as a backup two-factor authentication solution. U2F authentication is more resilient against attacks when only hardware tokens are used, without any weaker alternatives being used as backup.
Several federal agencies that were already using the ID.me identity gateway started using the FIDO U2F two-factor authentication solution as soon as it was made available to them via the service. The ID.me system uses FIDO U2F hardware tokens as an extra layer of authentication for its identity proofing services. The ID.me platform also provides a wallet for users where they can store virtual “ID cards,” which they can then use to log in to various services and websites.
"Thieves can guess or steal passwords from a database and they can spoof biometrics," said Blake Hall, ID.me’s CEO. “A physical FIDO U2F Security Key is 'un-phishable' -- it must be physically stolen from you, to compromise your account. To provide more robust and easy to use security to all customers, it's essential to support FIDO U2F based standards and the adoption of security keys,” he warned.
Over 250 companies have become members of the FIDO Alliance, which means it's now only a matter of time before the FIDO U2F protocol is used everywhere. According to the latest Verizon Data Breach Investigations Report, 81% of data breaches happen because of weak or stolen passwords. Using two-factor authentication that is also not trivial to intercept would go a long way toward making targets harder to hack.