FIDO U2F Update / What’s New & Drawing Board

From IIW

Fido U2F Update

Tuesday 3A

Convener: John H., Jerrod

Notes-taker(s): John H.

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Here is a link to the slide deck: 

https://docs.google.com/presentation/d/1WHPAnjSBbZpJ-2kvP8HFsMjelA5TFgh0KnCQHzK-OuM/edit?usp=sharing

Please check it out to make sure the sharing options are permitting access, I have set them, but always good to double check. 

During the presentation, Yubico shared our experiences with the U2F deployment from our perspective: 

¥ Oct 21 2014 Google enabled U2F for all Google accounts through their 2SV security settings
¥ #1 Amazon seller for electronics for several weeks, 10’s of thousands sold to date
¥ Support calls have been non-existent with all calls usually related to misunderstanding various protocols (i.e. Lastpass use of OTP and Google use of U2F)
¥ We asked for a volunteer who had a Gmail account using 2SV. Bill Welch came up and within a minute had U2F enabled his gmail account and registered multiple Security Keys. 
¥ We asked for protocol feedback ant that Yubico’s goal is to create an open U2F ecosystem that benefits all

Next stop is upgrading U2F to FIDO 2.0 which Microsoft announced in another session will be released with Windows 10. This will broaden the ecosystem dramatically.