Universal 2nd Factor (U2F) is an open authentication standard that adds a second step to a login. The password is still required, but on its own it is no longer enough: the user must also prove possession of a physical security key, which answers a challenge from the website with a digital signature that only that key can produce.
Here is how a U2F login proceeds:
- The user enters their username and password on the website as usual.
- The website verifies the password, then generates a fresh random challenge and sends it, through the browser, to a security key plugged into a USB port. The browser adds the origin of the page it is on to the data that will be signed, and the browser-to-server traffic travels over the site's HTTPS connection. The challenge itself need not be secret; it only has to be unpredictable and used once.
- The security key lights up to ask for a touch. When the user presses the button, the key signs the challenge, together with the site's identity and a use counter, using the private key it holds for that site, and the website verifies the signature against the public key it stored when the key was registered. If the signature checks out, the login completes.
The FIDO specifications require asymmetric (public-key) cryptography. At registration the key generates a new key pair for that site, sends the public key to the website and keeps the private key; the private key is never exported, so a breach of the website's database yields nothing that can be used to impersonate the user. On the USB side the key presents itself as a human interface device (HID), so users don't need to download any drivers or software for the process to work.
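As an added example, not part of the original text and not any vendor's or the FIDO project's code, the flow above in a toy Python model: a security key that holds a separate P-256 private key per site and signs only after a button press, a website that checks the origin, the challenge, the use counter and the signature, and a browser that records the real page origin. The ECDSA arithmetic is written out in pure Python so the example runs with no third-party packages; the site names, user names and key-handle format are made up, and the client data layout is simplified from the real U2F JSON.

```python
"""Toy U2F enrolment and login: per-site ECDSA P-256 keys, origin binding, use counter (illustrative only)."""
import hashlib
import json
import secrets

# NIST P-256 domain parameters (public constants; the curve has a = -3).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def point_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p1 == p2: lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P
    else: lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, pt):  # double-and-add scalar multiplication (not constant-time)
    acc = None
    while k:
        if k & 1: acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def ecdsa_sign(d, msg):
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = point_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s: return (r, s)

def ecdsa_verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    z, w = int.from_bytes(hashlib.sha256(msg).digest(), "big"), pow(s, -1, N)
    pt = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def signed_bytes(app_id, counter, client_data_hash):
    """What a U2F key signs: SHA-256(appId) || user-presence byte || 4-byte counter || SHA-256(clientData)."""
    return hashlib.sha256(app_id.encode()).digest() + b"\x01" + counter.to_bytes(4, "big") + client_data_hash

class SecurityKey:
    """The USB token. Private scalars live only in self._keys and are never returned."""
    def __init__(self):
        self._keys = {}   # key handle -> (app_id it was generated for, private scalar)
        self.counter = 0  # incremented on every signature
    def register(self, app_id):
        d, handle = secrets.randbelow(N - 1) + 1, secrets.token_bytes(32)
        self._keys[handle] = (app_id, d)
        return handle, point_mul(d, G)  # only the handle and the public key leave the device
    def authenticate(self, app_id, handle, client_data_hash, touched=True):
        bound_app, d = self._keys.get(handle, (None, None))
        # Refuse for an unknown handle, a handle enrolled for a different site, or no button press.
        if d is None or bound_app != app_id or not touched: return None
        self.counter += 1
        return self.counter, ecdsa_sign(d, signed_bytes(app_id, self.counter, client_data_hash))

class RelyingParty:
    """The website. Stores only a key handle, a public key and the last seen counter per user."""
    def __init__(self, origin):
        self.origin, self.users = origin, {}
    def enroll(self, user, key):
        handle, pub = key.register(self.origin)
        self.users[user] = {"handle": handle, "pub": pub, "counter": 0}
    def new_challenge(self, user):
        return self.users[user]["handle"], secrets.token_urlsafe(32)
    def verify(self, user, challenge, client_data, counter, sig):
        rec, cd = self.users[user], json.loads(client_data)
        if cd.get("origin") != self.origin or cd.get("challenge") != challenge: return False  # other site or stale challenge
        if counter <= rec["counter"]: return False  # replayed assertion, or a second copy of the key is in use
        msg = signed_bytes(self.origin, counter, hashlib.sha256(client_data.encode()).digest())
        if not ecdsa_verify(rec["pub"], msg, sig): return False
        rec["counter"] = counter
        return True

def browser_login(rp, key, user, page_origin):
    """Browser side: it records the origin the page is really loaded from, which a phishing page cannot fake."""
    handle, challenge = rp.new_challenge(user)  # a phishing page would relay these from the real site
    client_data = json.dumps({"typ": "navigator.id.getAssertion", "challenge": challenge, "origin": page_origin})
    result = key.authenticate(page_origin, handle, hashlib.sha256(client_data.encode()).digest())
    return None if result is None else (challenge, client_data, *result)

def demo():
    key, rp = SecurityKey(), RelyingParty("https://bank.example")
    rp.enroll("alice", key)
    assertion = browser_login(rp, key, "alice", "https://bank.example")
    genuine = rp.verify("alice", *assertion)
    replayed = rp.verify("alice", *assertion)  # same assertion again: the counter has not advanced
    phished = browser_login(rp, key, "alice", "https://bank-login.example")  # lookalike domain
    return {"genuine": genuine, "replayed": replayed, "key_signed_for_phisher": phished is not None}
```

demo() returns genuine=True, replayed=False and key_signed_for_phisher=False: the second submission of the same assertion fails on the counter, and a lookalike site that relays the bank's challenge gets no signature at all, because the key handle is bound to the app ID it was created for. Even if a signature were somehow obtained, the origin recorded in the client data would not match and the website would reject it. The curve arithmetic is not constant-time and is there only to keep the example self-contained; a real token does this inside a secure element.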
Users are encouraged to register a spare key and keep it locked away in a safe place; the spare only helps if it was enrolled with each account before the primary key went missing. If a YubiKey is lost, regaining access to the resources it protects can be very difficult. U2F prioritises security over convenience, so keys must be looked after once they have been enrolled.
USB keys draw power from the host, so they need neither Bluetooth nor batteries and there is nothing to maintain. They are designed so that the private keys cannot be read out or copied through the USB interface: unlike a password or a TOTP seed, a key cannot be cloned by someone who briefly gets hold of it, and the use counter included in every signature gives the website a way to notice if a duplicate were ever in use.