Talk:Universal 2nd Factor

Universal Authentication Framework
It will be helpful to include some mention of the Universal Authentication Framework also being worked on in association with the Universal 2nd Factor specification. See, for example: https://fidoalliance.org/approach-vision/ Thanks! --Lbeaumont (talk) 14:20, 4 June 2017 (UTC)

Proposal for overview
It would be great if an overview of how U2F works could be included in the main article based on the spec from https://fidoalliance.org/how-fido-works/ - thoughts? Bobzy (talk) 22:09, 12 February 2018 (UTC)

Multiple transactions in background
What prevents a U2F USB token from authorizing multiple transactions taking place in the background, does U2F impose restrictions? In case of a secureID, one has to manually authorize by keying in the correct pin , which changes everytime. The base FIDO spec enforces user intervention via fingerprint reader for every transaction etc. But the commercial ones do not.

When magnetic cards were launched in 80s too, magnetic card programmable kits were not easily available, but they are easily purchasable since the 90s. The same would apply to USB tokens not being programmable today but being programmable in the near future

— Preceding unsigned comment added by 122.167.152.69 (talk) 12:52, 26 July 2018 (UTC)

U2F is a legacy protocol
Before I revert the previous edit, I'd like to hear from others. Is U2F a legacy protocol? I strongly believe that it is (and I have provided evidence of this in the article). Thoughts? Tom Scavo (talk) 17:30, 26 April 2019 (UTC)


 * I will revert the previous edit on May 1 unless someone objects. Tom Scavo (talk) 23:30, 28 April 2019 (UTC)


 * Reversion complete. Tom Scavo (talk) 16:38, 1 May 2019 (UTC)

Keyboard
Under it says that the devices emulate a keyboard. That doesn't appear to be the case from my use of one, and it doesn't say that in the webpage linked in the citation. What the source *does* say is that U2F devices use the HID protocol and, to explain what HID is, says that it's also used by keyboards, mice and joysticks. I think the editor who wrote that part has misunderstood the source.

I have added the "failed verification" template and, if there's no objection, I will remove the text "essentially mimicking a keyboard".

DDFoster96 (talk) 10:20, 6 October 2022 (UTC)


 * The original article was likely confusing U2F with the proprietary Yubico OTP protocol which only requires one way communication and *does* emulate a USB HID keyboard: https://developers.yubico.com/OTP/ 2A02:ED04:3581:2:0:0:0:D001 (talk) 17:00, 29 September 2023 (UTC)

I also think such an USB device emulates a chip card reader with a chip card inserted. That way it's much easier to establish a two-way communication (than with a keyboard)

--Uhw (talk) 13:21, 7 February 2023 (UTC)

Bold 2A01:5EC0:5011:F7FB:1:0:9F18:23BA (talk) 08:45, 8 June 2024 (UTC)