The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: FIDO2 Protocol

OpenSSH now supports FIDO U2F security keys for 2-factor authentication

OpenSSH now supports FIDO U2F security keys for 2-factor authentication
February 17, 2020Swati Khandelwal
Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol, yesterday announced the 8.2 version of the software that primarily includes two new significant security enhancements. First, OpenSSH 8.2 added support for FIDO/U2F hardware authenticators , and the second, it has deprecated SSH-RSA public key signature algorithm and planned to disable it by default in the future versions of the software. FIDO (Fast Identity Online) protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along

Android Users Can Now Log in to Google Services Using Fingerprint

Android Users Can Now Log in to Google Services Using Fingerprint
August 12, 2019Swati Khandelwal
If you're using Chrome on Android, you can now sign-in to your Google account and some of the other Google services by simply using your fingerprint, instead of typing in your password every time. Google is rolling out a new feature, called " local user verification ," that allows you to log in to both native applications and web services by registering your fingerprint or any other method you've set up to unlock your Android device, including pins, pattern or password. The newly introduced mechanism, which has also been named "verify it's you," takes advantage of Android's built-in FIDO2 certified security key feature that Google rolled out earlier this year to all devices running Android version 7.0 Nougat or later. Besides FIDO2 protocol, the feature also relies on W3C WebAuthn (Web Authentication API) and FIDO Client to Authenticator Protocol (CTAP), which are designed to provide simpler and more secure authentication mechanism that sit

Android's Built-in Security Key Now Works With iOS Devices For Secure Login

Android's Built-in Security Key Now Works With iOS Devices For Secure Login
June 12, 2019Mohit Kumar
In April this year, a software update from Google overnight turned all Android phones , running Android 7.0 Nougat and up, into a FIDO-certified hardware security key as part of a push to encourage two-step verification. The feature made it possible for users to confirm their identity when logging into a Google account more effortless and secure, without separately managing and plugging-in a Yubico's YubiKey or Google's Titan key . "FIDO security keys provide the strongest protection against automated bots, bulk phishing, and targeted attacks by leveraging public key cryptography to verify your identity and URL of the login page, so that an attacker can't access your account even if you are tricked into providing your username and password," Google said . Android's security key feature until now was only compatible with Bluetooth-enabled Chrome OS, macOS, or Windows 10 devices over the Chrome browser. However, the latest update from Google now allow

Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins

Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins
February 25, 2019Swati Khandelwal
Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means, instead of remembering complex passwords for your online accounts, you can now actually use your Android's built-in fingerprint sensor or FIDO security keys for secure password-less access to log into apps and websites that support the FIDO2 protocols, Google and the FIDO Alliance—a consortium that develops open source authentication standards—announced Monday. FIDO2 (Fast Identity Online) protocol offers strong passwordless authentication based on standard public key cryptography using hardware FIDO authenticators like security keys, mobile phones, and other built-in devices. FIDO2 protocol is a combination of W3C's WebAuthn API that allows developers to integrate FIDO aut
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.