Universal 2nd Factor, or U2F, is an emerging universal standard for tokens with native support in platforms and browsers. U2F was developed by the Fast IDentity Online (FIDO) Alliance, a technology consortium backed by corporations, such as Google, Microsoft, VISA, and Bank of America, to address the lack of interoperability among strong authentication devices.
U2F tokens contain cryptographic keys similar to, but not the same as, a contact smart card and are typically paired as a second authentication factor with a username and password or PIN. U2F tokens are considered more secure than one time password (OTP) tokens, but less secure than contact smart cards.
How FIDO U2F Works With RapidIdentity MFA
U2F tokens are typically used for VPN authentication, web-based access, and Windows logon. The user simply inserts his or her U2F token into a USB slot (optional NFC and Bluetooth tokens are available), enters or confirms his or her username when logging into RapidIdentity, then presses the U2F token button, and enters a password or PIN.
FIDO U2F Benefits
- Replaces SMS texts, authenticator apps, legacy tokens, and similar devices
- Strongly resistant to phishing, session hijacking, keylogging, man-in-the-middle, and malware attacks
- Works out-of-the-box due to native support in platforms and browsers
- Does not share secrets (private keys) over the internet
- Does not associate personal information with the secret
