Knowledge Base Help Center
What are FIDO Security Keys and How Do They Work?
What are FIDO Security Keys?
FIDO U2F security keys are small USB devices that enable secure login to websites and applications. They are the solution to the problem with weak passwords, Cyber hacking, phishing scams and keyloggers.
FIDO U2F [Universal Second Factor] allows online services to strengthen login security by adding a high-security second factor to user logins. Traditional logins requiring a password or PIN can be reinforced by requiring the presence of the FIDO U2F authentication dongle. The user simply needs to touch the button on the USB Key or tap an NFC/BLE enabled token using their smartphone or tablet.
How Do They Work?
FIDO U2F security keys utilize public-key cryptography to assert the identity of the user. At the point of registration with the website, or on first use of the application, the user presents the FIDO U2F device which then generates a new keypair – the public key is shared with the application, the private key is kept hidden by the device. At subsequent logins the website or application issues a challenge which the device signs internally using the private key. The device will only perform the signature after the user has ‘unlocked’ the device (e.g., by touching the button on the device). The application then verifies the returned signature using the previously shared public key.
The FIDO U2F protocol enables these devices to be used as a second factor at login. Developed by the FIDO Alliance, an industry consortium whose members include Google, Microsoft, Samsung, PayPal, MasterCard, Visa and RSA Security, FIDO U2F is gaining rapid support across the industry.
How Do I Use Them?
On their own, FIDO U2F tokens can be used with services that already support them such as Google Accounts, Dropbox and GitHub.