
Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication using specialized USB or NFC devices based on similar security technology found in smart cards. While initially developed by Google and Yubico, with contribution from NXP, the standard is now hosted by the FIDO Alliance.

U2F security keys can currently be used with Google accounts as a method for two-step verification and have been supported by Google Chrome since version 38. As of August 12, 2015, U2F security keys can also be used as an additional method for two-step verification for Dropbox and, as of October 1, 2015, for GitHub.

Chrome is currently the only browser supporting U2F natively. Microsoft is working on support for Windows 10 and the Edge browser. Mozilla is integrating it into Firefox, and support can currently be enabled through an addon.

Development status

These items currently work in the module:

  • Configurable point of authentication (similar to block patterns)
  • Configurable time for token insertion, and authentication expiration
  • Define the text to be shown for the landing page requesting the token
  • Libraries are included with the module:
  • Authentication via the token

Features planned in first dev release (est Tue 22nd of June 2016)

  • Better error handling and user warning (incompatible browser, non-SSL connection)
  • Test multiple tokens per user

Instructions

  • Install module as usual
  • When enabled, the module runs these checks to decide whether token authentication will be required:
    • Check if user is logged in (anonymous users always pass)
    • Check if module is enabled
    • Check if a previous authentication has expired
    • Check if module is in debug mode and user has a debug role
    • Check if module is enabled and user does not have a whitelisted role
    • Check the configured patterns against the current URL, depending on visibility mode (allow except, allow on only, php)
    • Request token authentication
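
The check sequence above, sketched as an added example in plain PHP (not the module's own code). All function names, configuration keys and sample values are hypothetical. The reading of debug mode (only debug roles are challenged) and of the visibility modes (as in Drupal block visibility) is an assumption, and the php mode is not evaluated.

```php
<?php
// Added example: every name below is hypothetical, not the module's API.

// Drupal-block-style matching: one pattern per line, '*' is a wildcard.
function example_path_matches(string $path, string $patterns): bool {
  foreach (preg_split('/\R/', trim($patterns)) as $pattern) {
    $pattern = trim($pattern);
    if ($pattern === '') {
      continue;
    }
    $regex = '#^' . str_replace('\*', '.*', preg_quote($pattern, '#')) . '$#';
    if (preg_match($regex, $path) === 1) {
      return true;
    }
  }
  return false;
}

// Returns true when the request must be sent to the token landing page.
function example_token_required(array $user, array $cfg, string $path, ?int $lastAuth, int $now): bool {
  if ($user['uid'] === 0 || !$cfg['enabled']) {
    return false; // anonymous users always pass; a disabled module does nothing
  }
  if ($lastAuth !== null && ($now - $lastAuth) < $cfg['auth_ttl']) {
    return false; // a previous token authentication is still valid
  }
  if ($cfg['debug'] && !array_intersect($user['roles'], $cfg['debug_roles'])) {
    return false; // assumed: debug mode limits enforcement to debug roles
  }
  if (array_intersect($user['roles'], $cfg['whitelist_roles'])) {
    return false; // whitelisted roles are never challenged
  }
  $listed = example_path_matches($path, $cfg['pages']);
  switch ($cfg['visibility']) {
    case 'except': return !$listed; // challenge everywhere except listed paths
    case 'only':   return $listed;  // challenge only on listed paths
    default:       return true;     // 'php' or unknown mode: fail closed
  }
}

// Constructed sample configuration and requests.
$cfg = ['enabled' => true, 'debug' => false, 'debug_roles' => ['u2f tester'],
  'whitelist_roles' => ['service account'], 'auth_ttl' => 3600,
  'visibility' => 'only', 'pages' => "admin\nadmin/*\nuser/*/edit"];
$editor = ['uid' => 7, 'roles' => ['editor']];
$now = 1700000000;
var_dump(example_token_required($editor, $cfg, 'admin/people', null, $now));
var_dump(example_token_required($editor, $cfg, 'admin/people', $now - 60, $now));
var_dump(example_token_required($editor, $cfg, 'node/1', null, $now));
```

The three calls cover a protected path with no prior authentication, the same path inside the expiration window, and a path outside the configured patterns.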

Troubleshooting

Before filing an issue, make sure that:

  • You are using Chrome version 38+ or a browser with a suitable addon (untested)
  • YOUR SITE IS USING SSL. This is a requirement.
  • If you're using MAMP it will not work due to an old version of OpenSSL baked into it (contrary to what is being said by the company, updating your OSX OpenSSL version does not work)

Project information

  • Minimally maintained
    Maintainers monitor issues, but fast responses are not guaranteed.
  • Maintenance fixes only
    Considered feature-complete by its maintainers.
  • Project categories: Developer tools, Security
  • Created by xqus on , updated
  • Stable releases for this project are covered by the security advisory policy.
    There are currently no supported stable releases.

Releases