fido – Page 8 – WindowsTechs.com

Security keys have been good to Google, so now it’s promoting one of its own

Posted on July 25, 2018 by Patrick Howell O'Neill

Google says its workforce has been phish-proof for more than a year. The impressive security stat is due to small USB security keys issued to all 85,000 of the company’s employees. Companies that produce these small pieces of hardware, like Yubico, have seen tremendous growth over the last two years thanks to rapidly accelerating adoption — but they will now have fresh competition. Google will soon start widely selling its own Titan Security Key, which includes firmware developed by the omnipresent tech giant itself. The product is available now to Google Cloud customers and will eventually be available to general customers, the company announced Wednesday at its Google Cloud Next conference in San Francisco. Like similar keys from other companies, it will provide a second authentication factor for software use, network access, account management and other services. When the hardware is linked to an account, a password isn’t enough — the user must plug in the […]

The post Security keys have been good to Google, so now it’s promoting one of its own appeared first on Cyberscoop.

Continue reading Security keys have been good to Google, so now it’s promoting one of its own→

How can I implement FIDO UAF client and ASM on Windows platform? I will be using third party authenticator [migrated]

Posted on May 29, 2018 by Pooja Kuntal

I am using Windows OS and need to implement FIDO UAF client and ASM. Could someone direct me in the right direction? How should I start? Is there any SDK given for Windows?

There are APIs for Android and iOS but unable to fi… Continue reading How can I implement FIDO UAF client and ASM on Windows platform? I will be using third party authenticator [migrated]→

U2F FIDO sends identifiable serial numbers

Posted on May 22, 2018 by Ed Watson

As all of the FIDO Alliance documents state, the FIDO U2F protocols should never be able to abused to identify whether a user has multiple accounts with one service, or for services to collude and find out a specific user’s i… Continue reading U2F FIDO sends identifiable serial numbers→

Webauthn configuration differences in Firefox

Posted on May 12, 2018 by eternaltyro

I’m trying to understand what the different configuration elements mean in Mozilla Firefox. There was an announcement recently from Dropbox that they had enabled support for WebAuthn. I tried logging in-to DropBox using my U2… Continue reading Webauthn configuration differences in Firefox→

Handling the loss of a phone with FIDO UAF

Posted on March 8, 2018 by AndoKarim

I would like to know how this UAF method works when we lose our phone. With Google Authenticator we have to save on a paper some info about the generation of the secret key. But how does this work with UAF?

If you have also… Continue reading Handling the loss of a phone with FIDO UAF→

How exactly do Fido Keys word?

Posted on January 7, 2018 by NerdOfCode

Recently I acquired a security Fido key that allows me to use the U2F protocol on some of my accounts. Now I know that these keys use public/private keys for the specified account but I’m stuck on the logic of one part. How d… Continue reading How exactly do Fido Keys word?→

Fido UAF timing attack

Posted on September 12, 2017 by Matt

When I use Fido UAF for passwordless authentication such as demonstrated at https://playground.hanko.io/login

What stops the guy sat next to me from hitting login at the same time using my email address? Wouldn’t that result… Continue reading Fido UAF timing attack→

Some federal websites now allowing users to login via secure USB keys

Posted on September 12, 2017 by Shaun Waterman

For the first time, Americans will have the option to use a cryptographically secure USB keystick to protect their online accounts on federal government websites. Owners of online accounts protected by identity-proofing start up ID.me will be able to use keysticks conforming to the Universal Second Factor, or U2F, standard promulgated by the Fast IDentity Online, or FIDO Alliance, ID.me announced Tuesday. The option will be available to users alongside existing two-factor services, such as a code sent by SMS text message, or a call to a landline, the company said. It’s the first time U2F keysticks — considered a gold-standard protection against phishing and other forms of online identity theft — have been available to the users of federal online services. ID.me did not disclose the three federal agencies it said were buying the company’s identity proofing services — but it has in the past done very public work to provide veterans secure […]

The post Some federal websites now allowing users to login via secure USB keys appeared first on Cyberscoop.

Continue reading Some federal websites now allowing users to login via secure USB keys→

Why doesn’t a device with x509/PKCS#11 and U2F exist?

Posted on July 7, 2017 by marianov

I’ve been looking for a device, smartcard or USB that does two things:

provide storage to a private digital signature key (used with in a standard x509 certificate) for signing documents
provide U2F credentials for authen… Continue reading Why doesn’t a device with x509/PKCS#11 and U2F exist?→

U2F protocol – Counter value & device cloning

Posted on June 3, 2017 by QBl

My question is about the U2F protocol and more precisely cloning detection.
According to the doc :

“If there is a possibility that a U2F token can be cloned, we also need some way to detect it. We can do this by having an o… Continue reading U2F protocol – Counter value & device cloning→