U2F (Universal 2nd Factor)
What is U2F (Universal 2nd Factor)?
U2F (Universal 2nd Factor)An open authentication standard from the FIDO Alliance that adds a hardware second factor to passwords using a USB, NFC, or Bluetooth security key.
Universal 2nd Factor (U2F) was the first FIDO standard, originally co-developed by Google and Yubico. After the user enters a password, the browser asks a connected security key to sign a challenge that includes the relying-party origin; the user confirms presence by touching the key, and the server verifies the signature with the public key registered during enrollment. Because signatures are origin-scoped, U2F neutralizes phishing of the second factor. U2F has been superseded by FIDO2/WebAuthn, which adds platform authenticators, passwordless flows, and resident credentials, but existing U2F keys still work with relying parties via the CTAP1 backward-compatibility layer.
● Examples
- 01
Tapping a YubiKey to confirm a Gmail login after entering a password.
- 02
Registering a Google Titan security key as a U2F second factor.
● Frequently asked questions
What is U2F (Universal 2nd Factor)?
An open authentication standard from the FIDO Alliance that adds a hardware second factor to passwords using a USB, NFC, or Bluetooth security key. It belongs to the Identity & Access category of cybersecurity.
What does U2F (Universal 2nd Factor) mean?
An open authentication standard from the FIDO Alliance that adds a hardware second factor to passwords using a USB, NFC, or Bluetooth security key.
How do you defend against U2F (Universal 2nd Factor)?
Defences for U2F (Universal 2nd Factor) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for U2F (Universal 2nd Factor)?
Common alternative names include: FIDO U2F.