Duo: Most 2FA Users Find Security Keys Convenient To Use

Not open for further replies.
Brilliant. A convenient, widely-used two-factor authentication device. Two negative comments:
1) It's a great solution, but I have an unproven prejudice that challenge-response is safer than synchronized key generation.

2) You really, really have to trust them. Just the idea of attaching an automatic keyboard to my machine brings up images of it ordering ten thousand pairs of sneakers on Amazon or something. And unless I missed something, since they hold the symmetric key and your unique id, someone with access to that data could impersonate your device. They'd still need your password for the resource in question, but a device attached as a keyboard smells like a good place to put a keylogger, a la MantisTek GK2: http://www.tomshardware.com/news/mantistek-gk2-collects-typed-keys,35850.html

Then again, I'm paranoid. I kept my passwords in a password safe on a Palm Pilot until I broke the thing earlier this year. No internet connection. No way for someone to access the data remotely. Plus Elder Geek cred for carrying a Palm Pilot.


Aug 7, 2012

In response to both 1 and 2:
FIDO U2F is a challenge-response system.
And no, the service you connect to does not have a symmetric key, it is based on asymmetric public-private key cryptography, the only record of the private key is held by you, on your YubiKey.
Every service gets it's own key pair, so no 2 services have any knowledge of even the existence of another service, and the key pair is the only identifying feature, the service has no way of knowing whether you are using a particular key, or multiple keys.
The Yubikey is programmable, so you can control almost every aspect of it, including what services it has.

In terms of trust, YubiCo is one of the largest, and longest lived companies in the physical second-factor business, and is a big pusher for open-source security solutions.

I am speaking, of course, of the physical keys pictured, which their study named as being the most secure, as well as most convenient 2FA system, not about the duo push, or sms based systems, both are, imho, woefully insecure systems.

I too, am highly paranoid, and use a non-internet capable device for important password storage (though I do use the more convenient keepass for low-security passwords such as forums, that I use often. I have also been using YubiKeys as my 2FA system since before they helped design FIDO U2F, since I was introduced to them in the cryptocurrency world.

Olle P

Apr 7, 2010
Don't they mean three factor authentication?
I've allready experienced one factor (password only), which was inherently bad since it required the password to be unique.
Two factors (password and user name) is the norm and works fairly well.
Adding a third factor may improve security but often come in the form of inconveniance.


Nov 8, 2017

I gladly accept the inconvenience for the peace of mind that not only does someone need to find my usename (not hard) and crack my password (a bit more difficult), but also need to somehow get a OTP from my Yubikey to get into my accounts. I just wish more sites/companies would offer support for OTP.


Ahh. I'll look for the misinformation I read yesterday, which describes the fields of the token generated before it is encrypted. If I recall correctly, this consisted of the user's id, two different sequence fields, amount of time they key had been plugged into the current system, and nothing from a challenge. It also stated that a shared key was used by the device and the service. If I find it again I'll post a link and look to see why this is the wrong information.

EDIT: Maybe you can help me. I was reading documentation on an exactly 44-byte long encrypted message sent by the client. Does that ring a bell?


Aug 7, 2012

The only thing i can think of in U2F that could be considered a shared key (other than the public key generated for the site/service) would be the key handle also generated during initial device registration with the site/service.
It is used by the service as part of the data sent to the U2F device as the challenge, and could sort of be thought of as a "username" the device uses for that account, to allow unlimited accounts to be used on a single device, without having to use expensive (and potentially insecure) storage on the device.
This key handle, like the public key, is unique for each account, and is not able to be used to identify a particular physical device.

A short overview of privacy considerations follows; taken from section 12 of the FIDO U2F ARCHITECTURAL OVERVIEW ( a suggested read, available here: https://fidoalliance.org/download/ , along with the complete specifications, if you want to get deeper into it) :

As the reader would have noticed, user privacy is a fundamental design consideration for the U2F protocol. The various privacy related design points are reiterated here:

    ■ A U2F device does not have a global identifier visible across online services or websites.
    ■ A U2F device does not have a global identifier within a particular online service or website
    Example 1: If a person loses their U2F device, the finder cannot 'point it at a website' to see if some accounts get listed. The device simply does not know.
    Example 2: If person A and B share a U2F device and they have each registered their accounts on site X with this device, there isn't any way for the site X to guess that the two accounts share a device based on the U2F protocol alone.
    ■ A key issued to a particular online service or website can only be exercised by that online service or website.
    Since a key is essentially a strong identifier this means U2F does not give any signal which allows online services or websites to strongly cross-identify shared users.
    ■ A user has to activate the U2F device (i.e., 'press the button') before it will issue a key pair (for registration) or sign a challenge.
    ■ The browser may notify the user before they form a U2F relationship with an online service or website
    An infobar could appear whenever the 'issue a key' javascript call is made.
    An infobar (with a once-only option) could appear when the 'sign with this key' javascript call is made for a particular origin

The infobar approach puts a decision burden on the users - this is a downside and the infobar UX design has to be done with care.
Not open for further replies.