U2F is an open authentication standard that enables internet users to:
Securely access any number of online services with one single security key, instantly and with no drivers or client software needed.
FIDO2 is the latest generation of the U2F protocol.
U2F was created by Google and Yubico, and support from NXP, with the vision to take strong public-key crypto to the mass market.
Today, the technical specifications are hosted by the open-authentication industry consortium known as the FIDO Alliance.
U2F has been successfully deployed by large scale services, including Facebook, Gmail, Dropbox, GitHub, Salesforce.com, the UK government, and many more.
How it works – 2 simple steps to authentication
Origin binding: defense against phishing
With the YubiKey, user login is bound to the origin, meaning that only the real site can authenticate with the key. The authentication will fail on the fake site even if the user was fooled into thinking it was real. This greatly mitigates against the increasing volume and sophistication of phishing attacks and stops account takeovers.
Strong security — Strong two-factor authentication using public key crypto that protects against phishing, session hijacking, man-in-the-middle, and malware attacks.
Easy to use — Works out-of-the-box thanks to native support in platforms and browsers including Chrome, Opera, and Mozilla, enabling instant authentication to any number of services. No codes to type or drivers to install.
High privacy — Allows users to choose, own, and control their online identity. Each user can also opt to have multiple identities, including anonymous, with no personal information associated with the identity. A U2F Security Key generates a new pair of keys for every service, and only the service stores the public key. With this approach, no secrets are shared between service providers, and an affordable U2F Security Key can support any number of services.
Multiple choices — Open standards provide flexibility and product choice. Designed for existing phones and computers, for many authentication modalities, and with different communication methods (USB and NFC).
Cost-efficient — Users can choose from a range of affordable devices online. Yubico offers free and open-source server software for back-end integration through the Yubico Developer Program.
Electronic identity — Identity proofing is offered for organizations requiring a higher level of identity assurance. Through service providers, it is possible to bind your U2F Security Key to your real government-issued identity.