Brown Bag: Universal 2nd Factor (U2F) Authentication 24-July

Hey everybody..
I've invited a couple of folks from Yubico (the makers of the Yubikey
one-time-password hardware token) to give us a presentation next week
about the FIDO Alliance and their "Universal 2nd Factor" (U2F) project.
This is a specification for a public-key-based authentication system for
the web, somewhat reminiscent of Persona, that involves a USB hardware
token which can sign assertions.
They'll be presenting Thursday July 24th (next week), at noon PDT, in
the SFO Commons and on Air Mozilla (open to the public and recorded for
later viewing). Eight days from now.
Title:
  FIDO Universal 2nd Factor (U2F) - Strong in-the-browser authentication
  for the mass market.

Abstract:
  Join us for a glimpse into the future of online authentication.
  Universal 2nd Factor (U2F) is a new, open authentication standard
  focused on adding public-key cryptography to existing password
  authentication mechanisms, offering high security with friction-less
  user experience. U2F represents a crucial step in driving the rapid
  adoption of strong authentication technology, where the user can now
  use a simple password/passcode, which even if compromised, does not
  compromise the user's identity. The three elements involved are, the
  user possessing an authenticator, a client that can take the form of a
  web browser and the relying parties providing services leveraging the
  built-in U2F support in the web browser. The elegance of the protocol
  lies in the fact that the user in possession of the authenticator can
  authenticate to any number of web-based services using only one
  device, without the need to install any drivers or client software.
  The added benefit of U2F also lies in the simplicity of how this
  protocol can be easily integrated into an existing password
  authentication model.
  We'll go into the motivation for U2F, demo its use, explain the user
  privacy and security issues that are addressed, explain the importance
  of the browser support for U2F and dive into some key details of the
  protocol.

Presenter:
  Jerrod Chong, CISSP, VP of Solution Engineering at Yubico
URL:
https://air.mozilla.org/fido-universal-2nd-factor-u2f-strong-in-the-browser-authentication-for-the-mass-market/
I hope you can join us!
 -Brian
0
Brian
7/16/2014 8:32:15 PM
📁 mozilla.dev.identity
📃 1643 articles.
⭐ 4 followers.

💬 1 Replies
👁️‍🗨️ 1091 Views


On Wednesday, July 16, 2014 10:32:15 PM UTC+2, Brian Warner wrote:
> Hey everybody..
> 
> 
> 
> I've invited a couple of folks from Yubico (the makers of the Yubikey
> 
> one-time-password hardware token) to give us a presentation next week
> 
> about the FIDO Alliance and their "Universal 2nd Factor" (U2F) project.
> 
> This is a specification for a public-key-based authentication system for
> 
> the web, somewhat reminiscent of Persona, that involves a USB hardware
> 
> token which can sign assertions.
> 
> 
> 
> They'll be presenting Thursday July 24th (next week), at noon PDT, in
> 
> the SFO Commons and on Air Mozilla (open to the public and recorded for
> 
> later viewing). Eight days from now.
> 
> 
> 
> Title:
> 
>   FIDO Universal 2nd Factor (U2F) - Strong in-the-browser authentication
> 
>   for the mass market.
> 
> 
> 
> 
> 
> Abstract:
> 
>   Join us for a glimpse into the future of online authentication.
> 
> 
> 
>   Universal 2nd Factor (U2F) is a new, open authentication standard
> 
>   focused on adding public-key cryptography to existing password
> 
>   authentication mechanisms, offering high security with friction-less
> 
>   user experience. U2F represents a crucial step in driving the rapid
> 
>   adoption of strong authentication technology, where the user can now
> 
>   use a simple password/passcode, which even if compromised, does not
> 
>   compromise the user's identity. The three elements involved are, the
> 
>   user possessing an authenticator, a client that can take the form of a
> 
>   web browser and the relying parties providing services leveraging the
> 
>   built-in U2F support in the web browser. The elegance of the protocol
> 
>   lies in the fact that the user in possession of the authenticator can
> 
>   authenticate to any number of web-based services using only one
> 
>   device, without the need to install any drivers or client software.
> 
>   The added benefit of U2F also lies in the simplicity of how this
> 
>   protocol can be easily integrated into an existing password
> 
>   authentication model.
> 
> 
> 
>   We'll go into the motivation for U2F, demo its use, explain the user
> 
>   privacy and security issues that are addressed, explain the importance
> 
>   of the browser support for U2F and dive into some key details of the
> 
>   protocol.
> 
> 
> 
> 
> 
> Presenter:
> 
>   Jerrod Chong, CISSP, VP of Solution Engineering at Yubico
> 
> 
> 
> URL:
> 
> 
> 
> https://air.mozilla.org/fido-universal-2nd-factor-u2f-strong-in-the-browser-authentication-for-the-mass-market/
> 
> 
> 
> I hope you can join us!
> 
>  -Brian
If U2F will be big or not also depends on how the competitor (PKI) develops.  So far PKI has frozen in the form it got in the mid-nineties (<keygen>).  I don't see that as a law of nature.
0
Anders
7/19/2014 9:50:12 AM
Reply: