First, for those who don’t know, U2F (Universal 2nd Factor) is an open authentication standard that uses specialized USB or NFC devices to strengthen and simplify two-factor authentication (2FA). The technology behind these USB or NFC devices is similar to that of smart cards. The FIDO Alliance currently hosts the standard, though the technology was initially developed by Google and Yubico, with contributions from NXP Semiconductors.
U2F’s simple and strong process.
The U2F standard was developed because TOTP-based 2FA (Time-based One-Time Password algorithm) had its security weaknesses. U2F uses public key cryptography to verify identity. In direct contrast to TOTP, the user is the sole entity that knows the secret, which is the private key.
What can you get from using U2F?
It’s all about privacy and total security in the hands of the users. The secret (the private key) is never exposed to the Internet, meaning that no confidential information is exposed either. Public key cryptography also makes the overall process much, much simpler. Everything from no longer retyping one-time codes to making it difficult for hackers to get your data comes as a solid benefit of using U2F.
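The contrast between the two models, as an added Node.js example that is not part of the original article: it shows what the server has to store for TOTP versus a U2F-style key, and that a signature only verifies for the challenge it was made for. The function names are hypothetical, the TOTP secret is the RFC 6238 test value, and signing the bare challenge is a simplification (a real U2F device also signs the application identity and a counter).

```javascript
const nodeCrypto = require('crypto');

// TOTP (RFC 6238: HMAC-SHA1, 30 s step, 6 digits). Server and user hold the SAME secret.
function totp(secret, unixSeconds) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / 30)));
  const mac = nodeCrypto.createHmac('sha1', secret).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f;            // dynamic truncation
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 1000000;
  return String(code).padStart(6, '0');
}

// U2F-style registration: the key pair is created on the device and only
// the public key is handed to the server.
function registerDevice() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Assumption/simplification: the device signs the server's challenge only.
function deviceSign(device, challenge) {
  return nodeCrypto.sign('sha256', challenge, device.privateKey);
}

function serverVerify(serverRecord, challenge, signature) {
  return nodeCrypto.verify('sha256', challenge, serverRecord.publicKey, signature);
}

function demo() {
  // TOTP: whatever the server stores is enough to compute the user's code.
  const serverDb = { totpSecret: Buffer.from('12345678901234567890') }; // RFC 6238 test secret
  const userCode = totp(Buffer.from('12345678901234567890'), 59);
  const codeFromServerCopy = totp(serverDb.totpSecret, 59);

  // U2F-style: the server stores a public key, which can verify but not sign.
  const { device, serverRecord } = registerDevice();
  const challenge = nodeCrypto.randomBytes(32);
  const signature = deviceSign(device, challenge);
  return {
    userCode,
    serverCopyYieldsSameCode: codeFromServerCopy === userCode,
    serverHoldsPrivateKey: 'privateKey' in serverRecord,
    loginAccepted: serverVerify(serverRecord, challenge, signature),
    oldSignatureOnNewChallenge: serverVerify(serverRecord, nodeCrypto.randomBytes(32), signature),
  };
}

console.log(demo());
```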
Setting up your Prokey device to use U2F
The overall process is simple. The idea is to use the Prokey device that you already have as a confirmation device for accessing certain websites and applications that are connected to the Internet. These include websites such as banking sites, YouTube, and Dropbox, as well as applications such as anti-virus software. Generally, what you need to do is:
- Head to the Settings/Preference page of your profile on a website or application
- Find Account Security or anything similar
- Make sure you have enabled the 2FA (two factor authentication) setting
- Under the 2FA section, there will be an option named Security Keys or something similar
- Choose to add a device or a security key
- You will be prompted to connect your device (in this case, your Prokey) to the computer
- Follow the instructions given.
- You will then be prompted with a confirmation screen on your Prokey device. Press OK to continue.
- A confirmation message will appear on the website or application saying that you have successfully added your Prokey device as a U2F-enabled security key
While it seems convenient to use TOTP to verify and confirm activity and login attempts, the standard has been proven to have weaknesses that hackers are ready to exploit. Making sure that you have the strongest and most up-to-date security features on hand determines the safety of your assets and data. As the cliche goes, “You can never be too safe.”