U2F

U2F, Universal 2nd Factor, is a standard for hardware-based two-factor authentication. Developed by the FIDO Alliance and supported by many major platforms, U2F uses a physical security key to provide a second factor that protects accounts beyond a password. The standard is designed to work across many online services, enabling a user to register a single token that can be used with multiple sites and services that implement U2F.

How it works in brief: during enrollment, the authenticator creates a public/private key pair and stores the private key on the device, keeping the public key and a reference (key handle) with the relying party (the service). When signing in, the service issues a challenge tied to the user and the origin (the appID). The user activates the token, typically by touching it, and the device signs the challenge with its private key. The service verifies the signature using the stored public key. A counter and user presence data help detect token cloning or replay. The private key never leaves the token, and the secret is bound to the specific relying party, helping resist phishing.

Transports and adoption: U2F tokens commonly connect via USB, and some models support NFC or Bluetooth. Web browsers and many services implemented U2F support, enabling broad interoperability. Attestation data on the token can identify the device model to a service, though this raises privacy considerations for potential device tracking.

Relationship to FIDO2: U2F is the CTAP1 portion of the broader FIDO2 framework, which also includes WebAuthn and CTAP2. While U2F remains in limited use for legacy deployments, many providers have migrated toward WebAuthn/FIDO2 for new deployments, offering phishing-resistant authentication with either security keys or platform authenticators.
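The sign-in flow described above, worked through as an added Go example (not code from the original page): the token side signs the U2F signature base, and the relying-party side performs the checks the text names, with the appID inside the signed data (so a response produced for another origin does not verify) and the counter compared against the stored value. The key pair, appID, client data and counter values are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)
// signatureBase is what a U2F token signs: SHA-256(appID) || flags || 4-byte big-endian counter || SHA-256(clientData).
func signatureBase(appID string, flags byte, counter uint32, clientData []byte) []byte {
	app, chal := sha256.Sum256([]byte(appID)), sha256.Sum256(clientData)
	base := append([]byte{}, app[:]...)
	base = append(base, flags, byte(counter>>24), byte(counter>>16), byte(counter>>8), byte(counter))
	return append(base, chal[:]...)
}

// tokenSign plays the token: the private key stays here, and the response is flags || counter || DER signature.
func tokenSign(priv *ecdsa.PrivateKey, appID string, counter uint32, clientData []byte) ([]byte, error) {
	base := signatureBase(appID, 0x01, counter, clientData) // flags bit 0 = user presence (the touch)
	digest := sha256.Sum256(base)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, base[32:37]...), sig...), nil
}

// verifyResponse plays the relying party and returns the counter value to store for this registration.
func verifyResponse(pub *ecdsa.PublicKey, appID string, clientData, resp []byte, lastCounter uint32) (uint32, error) {
	if len(resp) < 6 || resp[0]&0x01 == 0 {
		return 0, fmt.Errorf("u2f: malformed response or user presence not asserted")
	}
	counter := uint32(resp[1])<<24 | uint32(resp[2])<<16 | uint32(resp[3])<<8 | uint32(resp[4])
	if counter <= lastCounter { // a counter that does not move forward is the clone/replay signal
		return 0, fmt.Errorf("u2f: counter %d not above stored %d: possible clone or replay", counter, lastCounter)
	}
	if d := sha256.Sum256(signatureBase(appID, resp[0], counter, clientData)); !ecdsa.VerifyASN1(pub, d[:], resp[5:]) {
		return 0, fmt.Errorf("u2f: signature does not verify for this appID and challenge")
	}
	return counter, nil
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed stand-in for the token's key pair
	cd := []byte(`{"challenge":"constructed-challenge","origin":"https://example.com"}`)
	resp, _ := tokenSign(priv, "https://example.com", 42, cd)
	fmt.Println(verifyResponse(&priv.PublicKey, "https://example.com", cd, resp, 41)) // 42 <nil>
	fmt.Println(verifyResponse(&priv.PublicKey, "https://example.com", cd, resp, 42)) // same response again: counter error
}
```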