FIDO U2F Security Key

Annika Backstrom
in misc, on 7 October 2015. It is tagged #security.


I recently heard about FIDO U2F through GitHub's announcement and partnership with Yubico. There are a few keys available on Amazon for under $20; I snagged one for $10 and immediately added it to my Dropbox account as a test run. Setup was painless and less complicated than using Google Authenticator: where near-ubiquitous 2FA asks you to scan a QR code in your Authenticator app before confirming the code, U2F just asks you to press the button on your dongle, no confirmation required.

Google Security: Adding a Security Key to your account

For unsupported platforms (pretty much anything besides the Chrome browser), Dropbox falls back on 2FA via SMS. Similarly, Google asks for your security key when you sign in through Chrome, but you can switch to other auth methods like SMS or 2FA.

I was skeptical of this tech at first given that I'm so frequently on mobile devices, but these providers have layered in U2F as a more convenient alternative to 2FA codes while still supporting the old methods. With big names like Google and GitHub pushing the tech (and subsidizing keys) I hope we see adoption pick up over the next couple years.

Google Sign In: Insert your security key

Google Sign In: Use an alternate sign in method