U 2 can U2F

This presentation was given at linux.conf.au 2017.

I gave a talk at linux.conf.au 2017 about Universal 2nd Factor (U2F), a method for two-factor authentication.

This talk gives a brief history of two-factor authentication, some of the problems existing methods have, and then introduces U2F and how it solves some of these problems. Its a semi-technical talk; I do describe how the security properties work and talk about how to integrate U2F into your app or service. It should be accessible to people that just want to learn a little more about the technology.

I gave out U2F devices to conference attendees after the talk, with one condition: they have to post or say something publically about what they did with it, even if its just adding it to a GitHub account.

Slides: U 2 can U2F [PDF 48M]; Deckset source [GitHub]

Here are links to specs, hardware, software and other useful U2F things. I have not tried all of these things myself; do your research!

U2F specs

• U2F - FIDO Universal 2nd Factor
• FIDO Alliance

Manufacturers

• Yubico
• Neowave
• Feitian
• Hypersecu
• Nitrokey
• …

Open source hardware

• U2F Zero
• Tomu

Server implementations

• Perl
• Ruby
• Python
• PHP
• Java
• C#
• C
• Go
• Javascript
• …

Browser implementations

• Chrome/Chromium: u2f-api.js
• Firefox: extension, progress on native implementation
• Safari: extension
• Edge: no support yet

Related projects

• u2f-host
• pam-u2f

Other two-factor methods

• Beginner’s Guide to TOTP
• NIST Recommends Deprecation Of SMS Two-Factor Authentication