FIDO U2F Update / What’s New & Drawing Board
Fido U2F Update
Tuesday 3A
Convener: John H., Jerrod
Notes-taker(s): John H.
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Here is a link to the slide deck:
https://docs.google.com/presentation/d/1WHPAnjSBbZpJ-2kvP8HFsMjelA5TFgh0KnCQHzK-OuM/edit?usp=sharing.
Please check it out to make sure the sharing options are permitting access, I have set them, but always good to double check.
During the presentation, Yubico shared our experiences with the U2F deployment from our perspective:
- ¥ Oct 21 2014 Google enabled U2F for all Google accounts through their 2SV security settings
- ¥ #1 Amazon seller for electronics for several weeks, 10’s of thousands sold to date
- ¥ Support calls have been non-existent with all calls usually related to misunderstanding various protocols (i.e. Lastpass use of OTP and Google use of U2F)
- ¥ We asked for a volunteer who had a Gmail account using 2SV. Bill Welch came up and within a minute had U2F enabled his gmail account and registered multiple Security Keys.
- ¥ We asked for protocol feedback ant that Yubico’s goal is to create an open U2F ecosystem that benefits all
Next stop is upgrading U2F to FIDO 2.0 which Microsoft announced in another session will be released with Windows 10. This will broaden the ecosystem dramatically.