https://sidiprojects.us/w/index.php?action=history&feed=atom&title=U2FU2F - Revision history2026-04-16T23:51:38ZRevision history for this page on the wikiMediaWiki 1.38.6https://sidiprojects.us/w/index.php?title=U2F&diff=941&oldid=prevDavid: instructions for setting up U2F in linux2019-02-03T00:21:42Z<p>instructions for setting up U2F in linux</p>
<p><b>New page</b></p><div>U2F is much better than 2-factor authentication by TOTP, or SMS (more generally, U2F > TOTP > SMS > Password only). The main reason is that U2F is not susceptible to man-in-the-middle attacks in the way TOTP and SMS are.<br />
<br />
A good U2F solution is the Nitrokey FIDO U2F. To set it up in Linux (if you use another *nix, please let me know), you need to follow a few steps which aren't documented for the Nitrokey. Here's what to do:<br />
<br />
== Set up udev rules for the key ==<br />
<br />
Create the file /etc/udev/rules.d/70-u2f.rules, with the content<br />
<br />
# Nitrokey FIDO U2F<br />
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287", TAG+="uaccess"<br />
<br />
Reload the rules with udevadm:<br />
<br />
$ udevadm control --reload-rules && udevadm trigger<br />
<br />
== Configure Firefox, enroll the key ==<br />
<br />
Open Firefox, and go to about:config (in the URL bar). Search for the string 'u2f': you should see the key security.webauth.u2f. Enable it by double clicking.<br />
<br />
Go to the website and register the key! You will see a popup from the info button to the left of the URL bar stating that the site wants to use your key. Just insert the key, and it should register. Congratulations!</div>David