Questions tagged [u2f]

Universal Second Factor (U2F) is a protocol for strengthening online authentication.

3 votes
1 answer
378 views

When a U2F registers for the first time, the device transmits the public key to the server, what exactly prevents an attacker from performing a MITM attack and sending his own public key to the server ...
Badis Kerdellou
1 vote
1 answer
380 views

In this question: Is FIDO2 authentication vulnerable to a social engineering replay attack? it was answered that no, not vulnerable because "the keypair used to by the FIDO device to authenticate ...
Allexj • 137
1 vote
0 answers
336 views

Where/what are the technical specifications to sync FIDO passkeys? FIDO passkeys are a quite hot topic. There is a white paper from FIDO Alliance about it. Several websites provide abstract ...
ndbd • 201
2 votes
2 answers
358 views

I've read about Linus Tech Tips hack, where a malware stole the browser cookies & was able to log in to Linus's channel. Is this preventable with Windows controlled folder access (preventing apps ...
Ninja Dev • 121
2 votes
0 answers
154 views

References: Yubico’s Take on U2F Key Wrapping https://www.yubico.com/blog/yubicos-u2f-key-wrapping/ Key generation https://developers.yubico.com/U2F/Protocol_details/Key_generation.html Discoverable ...
CyberMedics.org
2 votes
1 answer
627 views

OpenSSH 8.2 added -sk key types that allow for FIDO/U2F hardware authenticators (like a YubiKey, etc.) yubikey-agent allows for the same functionality, except it (a) requires an additional client on ...
angryserver
4 votes
1 answer
1k views

The Problem: Use the platform TPM of my Windows Laptop/PC (no external device or USB token) as U2F in a web application to check if it is a known device. My intended solution: I need to store/create ...
MrMaavin
3 votes
3 answers
2k views

As I understand, modern phishing is kind of like a man-in-the-middle attack. Let's say, for example that User u has an account in Domain d where he has an SMS based 2FA enabled. This is what the ...
Agnishom Chattopadhyay
20 votes
5 answers
4k views

I was troubled from the very beginning by the fact that my U2F security fob acts as a keyboard and theoretically is able to press any key when no one is looking. Sometimes I accidentally touch it and ...
IlliakaillI
1 vote
0 answers
219 views

Context I was answering a question about how YubiKey can generate "infinite" keypairs for Fido U2F but doesn't need to store them locally. This leads to my initial question: Initial Question ...
PathToLife
0 votes
0 answers
196 views

I've implemented second factor authentication for my web app via FIDO U2F, and am testing using a Yubikey. I have read that it is best practice to associate multiple hardware keys in case one is lost, ...
Julian H. Lam
1 vote
0 answers
315 views

After generating an OpenSSH EC key on a hardware security key: $ ssh-keygen -t ed25519-sk -C comment Is it possible to use this key with Google Chrome SSH applet or Mosh, in particular on non-Linux ...
Petr • 537
31 votes
3 answers
5k views

If I have a security key (U2F key) like yubikey and use it on websites A and B and the owner of these two websites is the same, can the website owner know that I am the same user?
cooker • 391
0 votes
1 answer
190 views

U2F devices store an internal counter to resolve a challenge and the counter value is sent back to the server (source). I think the counters on the server and on the client must go out of sync from ...
Gamer2015 • 737
9 votes
1 answer
6k views

My google-foo failed me as most "how it works" sections related to fido are very... let's say... consumer-oriented. So openssh supports U2F natively when using the appropriate elliptic-curve-...
Jane • 93
