U2F

From das_wiki
Jump to: navigation, search

U2F is much better than 2-factor authentication by TOTP, or SMS (more generally, U2F > TOTP > SMS > Password only). The main reason is that U2F is not susceptible to man-in-the-middle attacks in the way TOTP and SMS are.

A good U2F solution is the Nitrokey FIDO U2F. To set it up in Linux (if you use another *nix, please let me know), you need to follow a few steps which aren't documented for the Nitrokey. Here's what to do:

Set up udev rules for the key

Create the file /etc/udev/rules.d/70-u2f.rules, with the content 

 # Nitrokey FIDO U2F
 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287", TAG+="uaccess"

Reload the rules with udevadm: 

 $ udevadm control --reload-rules && udevadm trigger

Configure Firefox, enroll the key

Open Firefox, and go to about:config (in the URL bar). Search for the string 'u2f': you should see the key security.webauth.u2f. Enable it by double clicking.

Go to the website and register the key! You will see a popup from the info button to the left of the URL bar stating that the site wants to use your key. Just insert the key, and it should register. Congratulations!

Retrieved from "https://sidiprojects.us/mediawiki-1.23.2/index.php?title=U2F&oldid=941"