Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication (2FA) using specialized USB-based security technology found in smart cards.
FIDO U2F devices are used to create the key pairs and “store” all the private keys. Only the public keys are stored by the website.
The U2F device generates a digital signature with the private key within the secure element and returns the digital signature and an incrementing counter value.
Strong Security: Strong two-factor authentication using public key crypto that protects against phishing, session hijacking, man-in-the-middle, and malware attacks.
How do I enable FIDO U2F in Firefox:
While the FIDO U2F experience in Firefox is limited at the moment, turning it on is very simple. It only takes three steps.
Type about:config into the Firefox browser.
Search for “u2f”.
Double-click security.webauth.u2f to enable U2F support. That's it.
On the cidaas user common profile page, go to Physical Verification Setup and select the FIDO Configure button under the FIDO option.
Insert the FIDO security key in the USB port or connect it with a USB cable. The user’s device creates a new public/private key pair that is unique to the local device and the online service and is associated with the user’s account, as shown in the screen below.
The public key is sent to the online service and associated with the user’s account. The private key and any information about the local authentication method (such as biometric measurements or templates) never leave the local device.
Once connected, touch the key icon chip to activate it, if your key is one of them (private/public key).
Click the “Configure” button from the user portal -> physical verification setup. The screen below is displayed.
Touch your finger on the key icon chip. The screen below is displayed.
Step 6: Click the Done button. The configured FIDO U2F is now available under the Configured Authentication Types.
FIDO U2F – Usage
Log in with passwordless authentication, then enter your email and click Proceed. Select Fido U2F to log in.
Click on “Fido U2F” and touch your finger on the key icon chip. After the key icon is touched, the device uses the user’s account identifier provided by the service to select the correct key and sign the service’s challenge. The screen below is displayed.
The client device sends the signed challenge back to the service, which verifies it with the stored public key and logs in the user.
You have now successfully logged in to the application/web portal.
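The sign-and-verify exchange described above (signature plus incrementing counter, checked by the service against the stored public key), as an added example that is not cidaas code. It assumes Node.js, an in-memory stand-in for the security key, constructed appId values, and hypothetical function names; the signed byte layout follows the FIDO U2F raw message format.

```javascript
const nodeCrypto = require('crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Bytes a U2F token signs: SHA-256(appId) || presence byte || 4-byte counter || SHA-256(clientData)
function signedBytes(appId, presence, counter, clientData) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([presence]), ctr, sha256(clientData)]);
}

// Software stand-in for the hardware key (constructed); a real private key never leaves the device.
function makeToken() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  let counter = 0;
  return {
    publicKey,
    sign(appId, clientData) {
      counter += 1; // incremented on every signature
      const data = signedBytes(appId, 1, counter, clientData);
      return { presence: 1, counter, signature: nodeCrypto.sign('sha256', data, privateKey) };
    },
  };
}

// Service side: check the response against the stored public key and the last counter seen.
// Simplification: the service rebuilds the client data it expects instead of parsing the received one.
function verifyAssertion(record, appId, clientData, resp) {
  if ((resp.presence & 1) !== 1) return { ok: false, reason: 'user not present' };
  const data = signedBytes(appId, resp.presence, resp.counter, clientData);
  if (!nodeCrypto.verify('sha256', data, record.publicKey, resp.signature)) return { ok: false, reason: 'bad signature' };
  if (resp.counter <= record.counter) return { ok: false, reason: 'counter did not increase' };
  record.counter = resp.counter;
  return { ok: true, reason: 'verified' };
}

function demo() {
  const appId = 'https://login.example.test';       // constructed service identity
  const lookalike = 'https://login.examp1e.test';   // constructed look-alike origin
  const clientData = (challenge, origin) => JSON.stringify({ typ: 'navigator.id.getAssertion', challenge, origin });
  const token = makeToken();
  const record = { publicKey: token.publicKey, counter: 0 }; // what the service stored at registration
  const first = token.sign(appId, clientData('c1', appId));
  const login = verifyAssertion(record, appId, clientData('c1', appId), first);
  const replay = verifyAssertion(record, appId, clientData('c1', appId), first);
  // Worst case: the same key signs for the look-alike origin; the signature is bound to that origin.
  const phished = token.sign(lookalike, clientData('c2', lookalike));
  const relayed = verifyAssertion(record, appId, clientData('c2', appId), phished);
  return { login: login.reason, replay: replay.reason, relayed: relayed.reason };
}
console.log(demo());
```

A response that was already accepted fails the counter check, and a signature produced for a different origin fails verification at the real service.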