Duo Security announces U2F authentication support

U2F is Universal 2nd Factor, the first FIDO Alliance standard for two-factor authentication. The goal: simple systems to combat phishing and other credential breaches.

Authentication service provider Duo Security has announced their support of U2F (Universal 2nd Factor), the first of two standards for two-factor authentication by the FIDO Alliance.

Two-factor authentication is frequently cited as a way to block the impact of user credential breaches, either through phishing or through hacks such as those recently experienced by Target, Home Depot and, most recently, Staples . Duo specifically claims that U2F allows them "...to completely prevent one of the most common credential attacks today, phishing."

See a Duo Security video explaining U2F embedded below.

Duo Security operates a cloud service for out-of-band authentication. Using their APIs, developers can integrate two-factor authentication through the service directly into their software. Integration is available through numerous existing products and services. The cloud now supports U2F using any U2F authenticator, such as those from Yubico.

U2F was originally developed by Google and is now run by the FIDO (Fast IDentity Online) Alliance. It is a device, typically a USB dongle plugged into the system but possibly NFC-based as well, which has web browser support with no added drivers required. During authentication or registration, the user presses a button on the dongle or taps the NFC device.

A second Passwordless UX (UAF) standard is also being worked on. UAF supports a wider variety of authentication methods and flexibility for servers to choose devices.