Universal 2nd Factor (U2F)

Universal 2nd Factor (U2F) is a protocol designed to enable online services to augment their traditional password-based authentication with a second factor of authentication that is presented via a USB device or NFC interface. The use of a local interface requires client applications – typically a web browser – to support U2F.

U2F is defined as part of Fast Identity Online (FIDO), a set of open technical specifications for mechanisms of authenticating users to online services that do not depend on passwords. FIDO authentication seeks to use the native security capabilities of the user device to enable strong user authentication and reduce the reliance on passwords.

“Under the hood” FIDO utilizes asymmetric cryptography to ensure that sensitive data such as secrets, biometric prints and images remain on device at all times and are not transmitted to the authenticating service.

FIDO defines two key protocols: (i) Universal Authentication Framework (UAF) Protocol, and (ii) Universal 2nd Factor (U2F) Protocol.

Frequently Asked Questions
How is U2F different then Webauthn?

Web Authentication, or WebAuthn, is an effort by the World Wide Web Consortium (W3C) to standardize public-key authentication of users to web-based application and services.
Webauthn supports both existing FIDO U2F and upcoming FIDO2 credentials.

FIDO2 is the passwordless evolution of FIDO U2F. It provides an extended set of functionality to cover additional use-cases, with passwordless login flows being the main driver.

Do all U2F rely on FIDO?

U2F is a standard defined by FIDO, therefor all U2F devices rely on FIDO.

Is U2F supported by all browser?

No, currently only Chrome, Firefox and Opera support U2F natively. Microsoft has enabled FIDO 2.0 support for Windows 10’s Windows Hello login platform. However, Microsoft Edge browser and Microsoft accounts (including Office 365, OneDrive and other Microsoft services) do not yet have U2F support.