Slashdot Mirror

← Back to Stories (view on slashdot.org)

U2F Security Keys May Be the World's Best Hope Against Account Takeovers (arstechnica.com)

Posted by BeauHD on from the new-kid-on-the-block dept.

earlytime writes: Large scale account hacks such as the billion user Yahoo breach and targeted phishing hacks of gmail accounts during the U.S. election have made 2016 an infamous year for web security. Along comes U2F/web-security keys to address these issues at a critical time. Ars Technica reports that U2F keys "may be the world's best hope against account takeovers": "The Security Keys are based on Universal Second Factor, an open standard that's easy for end users to use and straightforward for engineers to stitch into hardware and websites. When plugged into a standard USB port, the keys provide a 'cryptographic assertion' that's just about impossible for attackers to guess or phish. Accounts can require that cryptographic key in addition to a normal user password when users log in. Google, Dropbox, GitHub, and other sites have already implemented the standard into their platforms. After more than two years of public implementation and internal study, Google security architects have declared Security Keys their preferred form of two-factor authentication. The architects based their assessment on the ease of using and deploying keys, the security it provided against phishing and other types of password attacks, and the lack of privacy trade-offs that accompany some other forms of two-factor authentication."

The researchers wrote in a recently published report: "We have shipped support for Security Keys in the Chrome browser, have deployed it within Google's internal sign-in system, and have enabled Security Keys as an available second factor in Google's Web services. In this work, we demonstrate that Security Keys lead to both an increased level of security and user satisfaction as well as cheaper support cost."

101 of 162 comments (clear)

  1. Great! by ls671 · · Score: 4, Interesting

    The only concern I have is that in some environments, the USB ports are disabled for security reasons. Also, how long do we have to wait before some exploit is embedded in those USB stick? ;-)

    --
    Everything I write is lies, read between the lines.
    1. Re:Great! by DigitAl56K · · Score: 1

      I don't even want to use USB. I want to be able to NFC with my phone, or my watch. If I have to use USB it should be to plug an NFC device into in order to enable this.

      Plugging things in is annoying, just let me do a quick touch action for couple of seconds while it does whatever crypto it needs. Make it wireless powered too so I don't have to charge it.

    2. Re:Great! by skids · · Score: 2

      TFA seems to imply that U2F only sends a public-key-encrypted challenge -- just the ciphertext -- without leaking the key identity.

      I've not read the standard yet though. Do U2F keys come with the keypair preinstalled ("just trust us, we didn't keep a copy, trust us"), or can you generate and load your own keys?

      --
      Someone had to do it.
    3. Re:Great! by edtice1559 · · Score: 3, Informative

      You generate your own key.

    4. Re:Great! by Anonymous Coward · · Score: 1

      This is incorrect:per https://developers.yubico.com/U2F/Protocol_details/Overview.html

      The device comes shipped with a burned-in device-specific private key that generates a key per application.

    5. Re:Great! by arglebargle_xiv · · Score: 1

      The only concern I have is that all this is, is a hacked-up smart card. "Next year will be the year of the smart card" is a joke so worn out that's about 15 years older than the same comment about desktop Linux, and yet it looks like someone at Google still thinks that smart cards (under another name) will take off real soon now.

      So any time now we'll all be using our PS/2s to acess our Orange-Book secure OSI network using U2F tokens.

    6. Re:Great! by Anonymous Coward · · Score: 1, Informative

      They can generate application specific key but the firmware is closed so one does not know what they do. They may make it so that the key recoverable in short time for them. Only the server side source code is open. I would not trust it much.

    7. Re:Great! by bernywork · · Score: 1

      The fact that they're available at this price point, which puts them in the hands of pretty much anyone who owns a computer is pretty spectacular. PKI environments and their implementations were hard even for the DOD.

      While I get the sarcasm, never has so many public sites accepted second factor so quickly and publicly.

      Honestly though, I always assumed this would be handled by the government at some point, they issue passports and other identity cards, why not PKI certs?

      --
      Curiosity was framed; ignorance killed the cat. -- Author unknown
    8. Re:Great! by skids · · Score: 1

      Read a bit of the spec. In addition to generating keys in a most likely unauditable manner, it seems it also includes an "attestation certificate" which the server "should" verify as signed by a trusted CA. Whether this cert is device specific is a matter for concern, as well as the fact that while this mechanism does not prevent a server from honoring a DYI-implemented device, it could IRL end up preventing that.

      Another matter of concern is the presence of a token-wide counter... which presumably is to allow servers to prevent cloned authenticators if they so choose. That has the potential to end up being used as correlation data.

      --
      Someone had to do it.
    9. Re:Great! by arglebargle_xiv · · Score: 1

      It's not new. Organisations and governments have resorted to giving them away in an attempt to get people to use them, and they still didn't see any uptake. People don't even want them for nothing.

      The government has tried to do this already in the form of the CAC. Military personnel are ordered to use them or face disciplinary action. That's a pretty dire model for smart card deployment.

      So, this will fail just like every other attempt to deploy smart cards has failed (outside of things like replacing existing mag-stripe cards, or deployment models where you're forced to use them or face disciplinary action). It's an inherently non-viable technology, it's had over thirty years and endless attempts to get it going in some form or other, that's not going to change now just because Google wants it to.

    10. Re:Great! by Jane+Q.+Public · · Score: 1

      NFC security was broken before it was even common in consumer devices.

      Any time you use RF as part of your security, you are hanging your ass out in the wind.

    11. Re:Great! by Mattcelt · · Score: 1

      While on the surface you're correct, if properly implemented, this technology should still be usable with NFC, as it doesn't rely on the security of the NFC link to be secure.

      For one, an NFC link can only be exploited through sniffing in the immediate physical vicinity of the accessing device (and statistically-speaking, few attackers are financially capable of being within 10m of their victim). For another, the real security of authentication comes from the crypto chip (think embedded smartcard or TPM-type module).

      Contrast this to a USB device, where USB over TCP becomes a true security risk. It's possible for an attacker to mount a USB device over a WAN link in a manner indistinguishable from a local device, thereby co-opting the credential store. (Though of course this is supposing that the NFC connector is not itself USB-connected...)

      Now the question of how to authenticate securely to the NFC device itself is another question entirely. But that's one for another thread.

    12. Re:Great! by syntotic · · Score: 1

      How? A USB with a variable volume number is not the same device to computers. If keys are in a standardized frame, only variation is the key itself, and it can be a different key for different..... HEY! I was working for the company implementing this idea and calling it KeyAdmin! Only the idea was not USB sticks they were not yet here, but smartcards.... Though to be very direct, I had already thought of the key admin store and reader, though public key cryptography was not yet here either... For security it is OK, it is second layer or token security, but it is the same problem than with fingerprints, if bad guys want your finger to sign in... they will get it.

    13. Re:Great! by YoungHack · · Score: 1

      The better idea is to build your own compatible key using a firmware you can audit yourself. I did exactly that myself: https://github.com/conorpp/u2f...

    14. Re:Great! by bernywork · · Score: 1

      How do you get around what Yubikey put as:

      "Given these developments, we, as a product company, have taken a clear stand against implementations based on off-the-shelf components and further believe that something like a commercial-grade AVR or ARM controller is unfit to be used in a security product. In most cases, these controllers are easy to attack, from breaking in via a debug/JTAG/TAP port to probing memory contents. Various forms of fault injection and side-channel analysis are possible, sometimes allowing for a complete key recovery in a shockingly short period of time."

      ?

      --
      Curiosity was framed; ignorance killed the cat. -- Author unknown
    15. Re:Great! by bernywork · · Score: 1

      Actually, most EU countries have identity cards, these cards are used for everything from your drivers license to international travel (Within the Union) they've all got certs on them, and they're provided by the government. Most people carry them to buy alcohol / enter clubs (Proof of age) or as a proof of ID when buying mobile phones or other high value items to reduce fraud. So in countries like Belgium and the Netherlands where I'd suggest high 90s in regards to % of people carrying them, I wouldn't call that "Didn't see any uptake"

      The CAC is used for everything from computer access to opening doors, so, as an identification card to prove who someone is, I can completely understand from a security perspective why it would be a compulsory for someone to carry it when wandering around a military complex. I wouldn't call that dire, I'd call that common sense.

      If there was more usage of these by private corporations, then I think their uptake would hit 100% as there's a day to day requirement to have them. It's just never been financially worthwhile to use someone else's technology when fraud is so low, the banks would rather pay for it, so that they controlled it, as it's their risk. The US is finally ditching mag stripe for Chip and Pin because they can push the fraud back on the consumer as it's now a much more secure device as fraud was becoming that much of a problem.

      Most companies push out other things like the Vasco DigiPass products and other devices that the users interact with and enter codes through their keyboard as a second factor as NFC readers and USB ports aren't guaranteed to be available. That's where the problem comes in, in regards to the security / usability argument, the problem is usability.

      Now, if the government actually made their certs more accessible and easier to integrate with, and acquiring a card / cert came with as much security as acquiring a drivers license / passport; banks and other web sites *would* start using them as identification devices for users, the problem here again is usability. At that point, white listing device IDs and USB ports / NFC chips in keyboards (More likely as no contact wear) would become a norm.

      The process for replacement and what happens when you lose it though is just another thing that's not been tackled. This was part of the whole process thing that had to be tackled by the DOD, it was the process side, and getting people *used* to using the devices which was the problem, not the technical PKI implementation.

      --
      Curiosity was framed; ignorance killed the cat. -- Author unknown
    16. Re:Great! by arglebargle_xiv · · Score: 1

      Yeah, that's a situation where we're probably arguing over semantics, does overloading an existing device with smart card functionality really count as a successful smart card deployment? The poster child for this is (e-)passports, you have to get a passport to travel, there's no choice, so it falls into the "ordered to use it" category of the CAC. Same with the example I gave, payment cards (credit/ATM cards), when you get a new card it has a chip in it, you can't opt out.

      What I'm looking for is examples of smart card deployment where people have looked at it and said "this is cool/useful, I need to go out and get this", rather than "I'm required/forced to use this whether I want to or not". I'm not aware of any significant cases of this. I am aware of many, many attempts to do so, all of which have failed.

    17. Re:Great! by bernywork · · Score: 1

      If you could use a government issued ID to sign into Facebook or Google, and identify yourself for email etc, would you use it?

      I just think of my parents, their getting SMS two factor codes from Google, Apple, their bank, and SMS is by no means secure.

      If I could also use that to auth SSH etc, then yes, absolutely I'd use it, I'd suggest that MS would even get on board for smart card auth for Windows (Making certain default choices to allow for sign in using that tech).

      --
      Curiosity was framed; ignorance killed the cat. -- Author unknown
  2. Lol, oh really? by JustAnotherOldGuy · · Score: 4, Insightful

    "the keys provide a 'cryptographic assertion' that's just about impossible for attackers to guess or phish."

    Do you know how many times we've heard this kind of claim in the past?

    I'd love for it to be true this time but I'm not going to hold my breath.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Lol, oh really? by dbIII · · Score: 2

      Do you know how many times we've heard this kind of claim in the past?

      Indeed, but a lot of the time the claim has been correct until someone took an especially stupid shortcut for the sake of convenience. DVD encryption was one example (https://www.wired.com/1999/11/why-the-dvd-hack-was-a-cinch/)

    2. Re:Lol, oh really? by fustakrakich · · Score: 1

      "Emulation" is the word of the day. Anything can be faked. "Impossible" is great snake oil, and "just about" (pert near) covers all the liability issues.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Lol, oh really? by JaredOfEuropa · · Score: 1

      "Just about impossible". So: possible.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    4. Re:Lol, oh really? by bernywork · · Score: 1

      Like any other 2k / 4k key, possible; computationally unlikely, but, you might get lucky!

      --
      Curiosity was framed; ignorance killed the cat. -- Author unknown
    5. Re:Lol, oh really? by Solandri · · Score: 1

      The claim is true. The big problem right now is that what's needed to gain access to accounts or complete financial transactions is a piece of information. And as we all know, information wants to be free - it can easily be duplicated, and (with modern technology) transmitted anywhere around the world almost instantly.

      These keys tie the generation of that information to a physical object which cannot be duplicated and cannot be transported around the world any faster than other physical objects. And because each piece of information the key generates is one-time use, intercepting a previous transaction doesn't help you fake future transactions. They're basically the chip in chip and pin. The only reason they haven't caught on is because being a physical object, they suffer the same problems as all physical keys - it's inconvenient to carry them, inconvenient to take them out when you need them (especially if you have a lot of them), and you can lose them.

      They're still vulnerable to man-in-the-middle attacks though. If someone can fool you into thinking you're at a legit website, they can make you authorize a transaction different from what they're showing you on the screen. e.g. Someone who owns arnazon.com sets it up to look identical to amazon.com. You click a "helpful" referral link on a review site which sends you to the fake amazon.com. It acts as a man-in-the-middle and relays everything you do to the real amazon.com to create an authentic-seeming transaction. But when you click "Buy" and touch the button on the physical key to authorize it, your screen shows a $39.99 purchase but the site is actually charging you $3999.

    6. Re:Lol, oh really? by JustAnotherOldGuy · · Score: 1

      These keys tie the generation of that information to a physical object which cannot be duplicated

      We've heard that before as well, and it seems that sooner or later some clever bastard always manages to spoof it or clone it or whatever.

      Like I said, I've love it if the claim that it's "impossible for attackers to guess or phish" were true, but would you bet your home, job, or bank account that this will still be true in a year?

      The basic problem is that if you rely on signals that come over a wire, you can never really know who or what is on the other end.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    7. Re:Lol, oh really? by JustAnotherOldGuy · · Score: 1

      "Emulation" is the word of the day. Anything can be faked.

      That's it in a nutshell.

      -

      "Impossible" is great snake oil

      Yep, and when they say it's "almost impossible", that means it's still possible.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  3. How is this better than "phone app" 2FA by ghee22 · · Score: 1

    I use the native 2FA feature for Gmail that leverages an app on any smartphone and it works great. No USB port required. https://www.google.com/landing...

    --
    "Persistence is annoying success." - ghee22 11:28:1999 - 10:53:PM
    1. Re:How is this better than "phone app" 2FA by robmv · · Score: 3, Informative

      First, the app name is Google Authenticator. Second, it works with more that Gmail, I have my DNS provider, my GitHub and GitLab accounts, my Google accounts, my corporate accounts, etc all inside that application. It works on more that one site because they all support TOTP, an open algorithm, that is what the app, and many other alternatives like FreeOTP.

      About what is better is the USB device that an application? The keys are stored on the device, and good devices are designed so keys are unreadable outside of it, only the generated code. Applications are vulnerable to malware on the device running it. The device ideally is less vulnerable of malware, it will be able to intercept current generated codes, but not extract the keys and generate codes themselves (unless the firmware is too buggy that it exposes the keys to the host device)

    2. Re:How is this better than "phone app" 2FA by tempo36 · · Score: 1

      You do have a point that Google Authenticator can be used by multiple sources (and I do have a few different sites running off my GA)

      I still prefer to keep a USB key on my keychain rather than making sure my phone hasn't run out of batteries at all times. But I will concede that's my personal preference. I lose my phone and it's a pain in the tail to restore Google Authenticator...I know it's not impossible and I know there are options for that. Again, my personal preference it to keep a spare USB key not on my person in case I lose my keys.

    3. Re:How is this better than "phone app" 2FA by robmv · · Score: 3, Interesting

      I screenshot all qrcodes generated by websites that support 2FA, encrypt then with OpenPGP, and store on a safe backup. I can change devices anytime I want without problems, I just reinstall the keys on the application scanning the qrcodes again.

    4. Re:How is this better than "phone app" 2FA by ceoyoyo · · Score: 1

      True, and it's a lot more convenient than a USB device. On the other hand, it's a lot more convenient than a USB device. You can phish TOTP authenticators by convincing someone to send you the QR code.

      I use TOTP authenticators. If I had something really important to protect I might make all the users get the USB sticks.

    5. Re:How is this better than "phone app" 2FA by Anonymous Coward · · Score: 2, Insightful

      Because it does not require me to have a "smartphone". That's how it is better.

    6. Re:How is this better than "phone app" 2FA by flink · · Score: 2

      You can also usually get the raw hex key if you click on a link that says "manually enter key" or "trouble scanning". You can then write that down and store it in a safe place.

    7. Re:How is this better than "phone app" 2FA by tepples · · Score: 1

      A universe where the only port you might have is a USB OTG receptacle, such as micro-AB or C, or a Lightning port. A U2F key with a USB A plug won't fit into those without an adapter.

      Or a universe where all of your PC's external USB ports have been epoxied shut. Some shops use this to deter exfiltration of confidential data.

    8. Re:How is this better than "phone app" 2FA by geekmux · · Score: 3, Interesting

      I use the native 2FA feature for Gmail that leverages an app on any smartphone and it works great. No USB port required. https://www.google.com/landing...

      You question how dedicated security hardware is "better" than one of the most hacked platforms on the planet?

      Give me a fucking break. This is the #1 reason I do not want my corporate users using hackedphones as the other half of 2FA.

    9. Re:How is this better than "phone app" 2FA by edtice1559 · · Score: 1

      But there has to be a trust relationship between the owner of the authenticator app and the resource being protected. With U2F, there is no third-party involvement. Technically and contractually much easier.

    10. Re:How is this better than "phone app" 2FA by Anonymous Coward · · Score: 1

      This is why I laugh (so I don't cry) at my company's rush to replace the convenient RSA keychain dongles with the smartphone-based RSA app.

      I know it probably saves RSA Inc. a ton of cash, convincing everyone to use an app rather than those key devices... we subsidize their platform with our own personally-purchased devices.

      I liked having a dedicated RSA key for VPN access. I knew it was simple and reliable; it fit in my pocket, couldn't be hosed by installing the latest Angry Birds App or sitting on the device, and had 2y+ battery life. Now we have to use the RSA app on a fragile smartphone and I've already had a phone die on me in the middle of the work week, with deadlines looming and the ensuing panic, with a less-than-speedy IT department handling RSA token updates.. whenever they felt like it.

      Bugs the hell out of me that, to authenticate to a VPN, I now need a 1.5+GHz, multicore device with a Byzantine OS with god-knows-how-many points of exploit -- to run what is probably a 20-line program: hash = (prev-hash + timestamp) loop to get me a valid RSA code, where a simple 8-bit MCU on a keychain did the job just fine, thank you.

    11. Re:How is this better than "phone app" 2FA by tepples · · Score: 1

      Where is this dysfunctional universe? I would like to avoid it.

      You'd probably want to avoid finance, the military, or intelligence.

  4. Mandatory? by bill_mcgonigle · · Score: 1

    We have good 2FA now and hardly anybody uses it.

    Google Authenticator is free, SMS 2FA isn't wire-secure, but it prevents almost all account takeovers, and "nobody" uses them because they're not mandatory.

    But now we'll have a hardware dongle that will either fit in a computer or a phone, but not both (probably) and nobody will use those too? We got stronger crypto but we didn't need stronger crypto; what problem is this solving?

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:Mandatory? by QuietLagoon · · Score: 1

      ... SMS 2FA isn't wire-secure, but it prevents almost all account takeovers, and "nobody" uses them because they're not mandatory ...

      At one time, I had used my cell for SMS 2FA. Within a couple of days of giving my cell number out for 2FA, I started to get spam text messages and calls.

      .
      I've since switch my cell number and no longer use SMS 2FA.

      The problem with using SMS 2FA is that too many advertisers and other trackers want your cell number for tracking and spamming purposes, and there is no way to assure the cell number will not spread beyond the intended 2FA purpose.

    2. Re:Mandatory? by Anonymous Coward · · Score: 1

      That is why I won't use Yahoo anymore because they insist on storing a mobile phone number with your account.

    3. Re:Mandatory? by tepples · · Score: 1

      SMS 2FA on Twitter doesn't work with a landline and is expensive with pay-as-you-go mobile, and Twitter refuses to support TOTP or U2F.

    4. Re:Mandatory? by tlhIngan · · Score: 1

      Google Authenticator is free, SMS 2FA isn't wire-secure, but it prevents almost all account takeovers, and "nobody" uses them because they're not mandatory.

      SMS is insecure. There's a good reason NIST doesn't recommend it - you assume the number is associated with a phone, when that is not necessarily the case. It's also REALLY easy to MITM. In fact, in most mobile operating systems, when you see it on the screen, it's already passed through many layers of software and third party apps that could easily have viewed and accessed your account.

      Heck, a malicious Android app could intercept the SMS, let some third party access your account, then simply request a NEW SMS and pass that on. So you get a code but your account has already been accessed one or more times by the time you get the SMS.

      And if you knew how the network really works, SMS is horrendously insecure. And it's used in a lot of situations internally so you can't even eliminate the many hands touching the text before the user even sees it (and many of those are suppressed, so once the OS handles them, they are no longer passed up).

    5. Re:Mandatory? by tepples · · Score: 1

      twitter supports TOTP now for like one week LOL

      you can setup it via web

      How do I set that up? In Security and privacy, "Verify login requests" was grayed out because "You need to add a phone to your Twitter account to enable this feature." And the "add a phone" page still doesn't appear to offer TOTP/Google Authenticator or voice call support. Do I specifically need the Twitter app, not another TOTP client?

      Or is it something that Twitter is rolling out to only a subset of its users as an A/B test?

  5. The eternal question: by Nutria · · Score: 1

    does it run on Linux??

    --
    "I don't know, therefore Aliens" Wafflebox1
    1. Re:The eternal question: by sl149q · · Score: 3, Informative

      Linux? Yes!

      I use these on Linux, MACOS and Windows for all my Github and Google accounts.

      https://www.yubico.com/github-...

      See the FIDO U2F Security Key.

  6. In other news... by tempo36 · · Score: 1

    Water is wet and rocks are hard.

    If you still don't realize that secure 2FA is better than a password alone, I don't think a published article about the topic is going to change your mind. Unfortunately.

    Of course portable hardware based 2FA is more secure than nearly any alternative.

    1. Re:In other news... by sexconker · · Score: 2, Informative

      A "second factor" presented as bits along the same wire as the bits of your password is not a second factor. They're both something you know. The only difference is you can lose the dongle and be fucked. You're still vulnerable to being phished or MITM'd or logging in via a pwned box or whatever else. The only thing time-based 2-factor approaches protect against is your own stupidity (reusing passwords or using bad passwords) and getting phished by a passive attacker who won't be using your credentials immediately.

      We're already seeing what happens when people have multiple dongles to deal with - they want one dongle to rule them all, or one app that holds all the seeds to generate the keys for each site/service. This is the same thing as password reuse. If the app or dongle is hacked, you're fucked. We've also already seen the trusted, extra secure 3rd parties that hold the secret seeds for those "2 factor" solutions get hacked.

    2. Re:In other news... by Anonymous Coward · · Score: 5, Informative

      You're still vulnerable to being phished or MITM'd or logging in via a pwned box

      You can't be phished because the phishing site won't have the private key of the original website to validate to the key-dongle you are making a request to it from the original website that was stored when setting up the authentication originally.

      You can't be MITM'd as as vulnerability any different than SSL traffic. The keys won't match to decrypt the traffic, which were exchanged originally when setting up the authentication.
      Of course the encrypted data stream can be logged from a MITM position, just like SSL traffic now, but the idea is the attacker doesn't have either key to decrypt it to plain text and shouldn't have a quantum computer to brute force it in any reasonable time.

      Logging in via a pwned box would only be able to intercept that session.
      So yes, that can be quite damaging in some cases, but doesn't grant the attacker continued access. Remember, you need to push a button on the hardware dongle to reply to an authentication request and this request is only valid for the one session.

      For situations like say banking, yes one session is enough to have your account drained.
      But I fail to see how this is any WORSE off than not using the hardware key, while it is clearly still BETTER than not using a hardware key because it solves 2 of the 3 situations you describe.

      You are falling for the typical error in assuming a replacement security function must somehow be 100% effective else it is worthless.
      In reality, it only needs to be more effective than what you were previously doing to have some value, and you are ignoring that fact.

      If it was only 1% better then you may be valid in claiming the time investment of switching may not be worth it.
      But with the examples you listed it is clearly more than 66% better (2 of your 3 conditions are solved problems, and of the 3rd condition it is at least slightly mitigated even if not fully or even mostly)

    3. Re:In other news... by edtice1559 · · Score: 3, Informative

      Logging in from a pwned box will get your one account stolen. But it's not a profitable criminal enterprise since it's a retail theft. This prevents wholesale crimes. Somebody can also rob you and steal your U2F dongle and threaten your family with violence if you don't turn over your dongle and password. It prevents mass attacks.

    4. Re:In other news... by Kernel+Kurtz · · Score: 1

      SecureID is something you have. Your passcode is something you know. This seems like a simpler version for the masses. Good idea.

  7. Just what I want, a browser with USB device access by guruevi · · Score: 1

    The problem is that this isn't "true" two factor authentication. This is just an (extra) client-side key embedded in a USB stick, you can do the same (much more universally) with SSL keys which is better than a password but in no way is it either foolproof nor 2 factor authentication, both of the items are passwords, you're just saving a really complicated password in a keychain.

    A good TFA requires something two out of something you have, something you know and something you are. Something you have should be separated from and not influenced by the machine you're using to authenticate with.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  8. Only as safe as dumb people... by technomom · · Score: 1

    "Hi, I'm from your company's tech support team. I'm here to test your 2FA key to see if it needs to be replaced by this fake-o virus carrying USB key I'm carrying, mind if I check things out? I'll be needing that key...."

    1. Re:Only as safe as dumb people... by cerberusss · · Score: 1

      "Hi, I'm from your company's tech support team (...) I'll be needing that key...."

      I have the feeling that these are just like stronger locks. You basically push the burglar towards your neighbors.

      --
      8 of 13 people found this answer helpful. Did you?
  9. A New Hope by turkeydance · · Score: 1

    hope it works

  10. Re:Just what I want, a browser with USB device acc by sexconker · · Score: 2

    That's still something you know. You know the code. You aren't proving that you have the phone number - SMS is incredibly insecure, numbers can be rerouted to other devices, someone else could have your phone, etc.

  11. Re:Just what I want, a browser with USB device acc by Anonymous Coward · · Score: 1

    A challenge against a private key on an external hardware device doesn't count as a second factor to you? (Something you have)
    First factor being something you know (a password).

    Are you thinking it just spits out the same answer everytime?

    This is better than the typical deployment of ssl keys since you can copy those off disk.

    It's more like using a smart card but this is also better in that it's a different keypair per site without needing a central authority that could track you by noting where it processes requests from.

    https://www.yubico.com/about/background/fido/

    "A U2F device generates a new pair of keys for every service, the public key is only stored on the specific service it connects to. With this approach no secrets are shared among service providers, and even low-cost U2F devices can support any number of services."

    and not influenced by the machine you're using to authenticate with.

    The machine can't alter the response and have a valid signature when the response is signed by the private key on the external hardware dongle.

    Maybe I just don't understand.
    What sort of man in the middle attacks do you envision the machine you're using will be able to perform between the dongle?
    Why is this not enough?

  12. Yeah, right by tietokone-olmi · · Score: 1

    We'll see how this one turns out once it's had some proper review.

    Just developing something in public and doing RFCs won't attract as much efforts as possibly knocking down something published, a feather in the cap for defeating Google's propeller beanies. Whereas the first is just, "was a helper", which matters for just about zilch in any CV.

  13. Re:Just what I want, a browser with USB device acc by gumbi+west · · Score: 1

    "something you are" if you can remove it with a knife, it isn't something you are. Also, once your biometric fingerprint (of any sort) is compromised, it's difficult to get the CA to issue you a new one.

  14. Seriously, security dongles. That's the old new? by ebyrob · · Score: 1

    We run general purpose computers. Can't we trust our own operating systems enough to think they might store a couple bits of secretish data? If not, what good is any encryption since the attackers get every session key anyway? (not to mention the keylogger with the raw password and the memory debugger that sees every block encrypted and decrypted)

    The only thing a dongle provides is certainty that another computer can't impersonate a fully compromised device without the dongle. Of course, dongle-failure could very well lock you out of your own services. (and with a back-door in place, session hijacking is very possible)

    Many sites, like gmail for example, require "registering" each new device via phone IM or pre-shared key. This happens after password success. Secret keys are then created and stored as securely as the device is maintained. Only if the device is deeply compromised will they be stolen.

    If we create a landscape where 90% of computers AREN'T compromised thoroughly this really isn't that horrible. Throw in a bit of geo-location and email warnings about every interesting event (password change, new device registration, stale device login, Computer moved to Ukraine) and really things aren't all that bleak especially for services used every day or even once a week.

    Then of course, there's cracking down on IP's and ISP's generating compromising packets, but that's a whole other subject.
    See: 18 U.S. Code 2701 - Unlawful access to stored communications

  15. Put your money where your mouth is by ShaunC · · Score: 1

    After more than two years of public implementation and internal study, Google security architects have declared Security Keys their preferred form of two-factor authentication.

    OK Google, then offer to ship these dongles out to your users at no cost. I'm not going to buy yet another little thing that's going to break, or get lost, or get stolen; I'll use it if it's free, though. I like PayPal's approach, they mailed out free SecurID dongles to anyone with a business account who asked for one. Mine still works fine on the original battery 10 years later.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    1. Re:Put your money where your mouth is by edtice1559 · · Score: 1

      You are aware that RSA sold all of the SecureID keys to the NSA so that token is useless, right? Also you have to have one SecureID per entity with whom you do business. The problem this is trying to solve is that you don't end up with so many tokens that you exceed carryon limits and have to decide which ones to bring with you on a trip. Also the SecureID tokens are insanely priced. Agreed they should be free since reselling the keys is where RSA makes the real money. But current costs have been described as usurious.

    2. Re:Put your money where your mouth is by drinkypoo · · Score: 3, Insightful

      You are aware that RSA sold all of the SecureID keys to the NSA so that token is useless, right?

      It's useless for hiding your activity from the feds, but it's fine for banking or anything else that's going to be reported to the feds anyway.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  16. U.S. SMS recipients are billed by tepples · · Score: 1

    Almost everyone has a cell phone with free text messaging

    Then I guess I'm not among "almost everyone", nor are other pay-as-you-go users in the United States market, which is Slashdot's home country. It's traditional for U.S. carriers to bill half the SMS toll to the sender and half to the recipient, and many SMS 2FA providers (such as those used by Twitter and Steam) can't make voice calls to landlines. To upgrade from pay-per-minute to unlimited would cost hundreds of dollars per year.

  17. You can stop there by SuperKendall · · Score: 2

    When plugged into a standard USB port

    Aaaand I stopped reading as I can say with confidence 99% of people will never use it.

    Just one of many problems - where do I put this on my iPad exactly? Or any mobile phone of any kind?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:You can stop there by mentil · · Score: 1

      Remember Apple's new slogan:
      "There's a dongle for that."

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    2. Re:You can stop there by mark_reh · · Score: 1

      Yubikey Neo has NFC. I use mine with my phone all the time.

  18. Re:Just what I want, a browser with USB device acc by tepples · · Score: 1

    What sort of man in the middle attacks do you envision the machine you're using will be able to perform between the dongle?

    During the initial key exchange, when the U2F device sends its public key to the server, a man in the middle could substitute the public key generated by his own U2F device.

  19. Re:client-side key by tepples · · Score: 1

    Presumably the U2F key is more hardened against key extraction attacks than, say, someone with physical access to your machine and your user account's .ssh folder.

  20. Re:client-side key by CaptainDork · · Score: 1

    It works with Bluetooth and NFC, as well.

    --
    It little behooves the best of us to comment on the rest of us.
  21. I use a Yubikey, but there is one problem by mark_reh · · Score: 1

    I don't keep my keys in my pocket, so I always have to go get my keys out of my bag when I want to log into my gmail, etc. I don't want the thing hanging around my neck, and not sure I want it on my wrist. How do you keep the darned thing handy at all times? I think I need a NFC yubikey type thing implanted in my hand.

  22. Strong bindings between factors AND data channel by WaffleMonster · · Score: 1

    Well I've got to hand it to them at least this isn't just another tired old token passing scheme running over TLS. There appears to be something "ChannelID"? I don't really understand the specifics that seems to bind something from USB card with the underlying TLS session.

    Still I have three comments.

    1. If your going to do this why not deploy client certs and have your card store private keys for each site and just push all responsibility for interface (special standard for pkcs12 download, user attention..etc) to the browsers. If you did that you wouldn't need ANY low level server side changes at all to take advantage of it and browsers would have more freedom to manage key storage.

    2. Better to enter "what you know" into "what you have" than entering them separately.

    3. The problem with all of these schemes is they are a single point of failure. Lose, forget to bring or break your USB stick and your fucked as a result. I don't expect very many sites that are not banks or something really important to even go here. Nobody is honestly willing to deal with both "I forgot my password" and "I lost my key".. so you'll end up with some sort of bypass like password questions that ruins the security of the system while making people "feel" secure because of all of these other worthless hoops they are going through.

    I still think a better (as in practically useful across the board in line with what users and operators are willing to accept) approach to web security after an initial account creation step is use of secure password authentication protocols instead of the crap we have now where passwords are entered into adhoc web forms.

    Teaching people to enter passwords only into specific dialogues in their browsers at least would provide some hope of some people not getting owned by all of the lame phishing shit out there. TLS-SRP for example provides secure authentication without requiring certificates or leaking material that can be used for offline attack rendering connecting imposter sites both harmless and easy to recognize and since authentication is used to encrypt the underlying session PKI is optional although recommended to provide privacy protection against disclosing user identity in the clear during handshake. The patches necessary to enable this continue to collect dust in many of the major browser vendors ticketing systems.

  23. During registration only, not logging in by raymorris · · Score: 1

    It is important to note that could happen, if the MITM defeats the SSL/TLS session, only while the user initially REGISTERS for the service. The public key is not sent each time the user logs in.

    1. Re:During registration only, not logging in by tepples · · Score: 1

      Please allow me to clarify:

      When the user registers while connected through MITM, the MITM impersonates the server to the user and the user to the server, providing the MITM's public key to the server instead of the user's. Then each time the user logs in while connected through the same MITM, the MITM contines to use its own keypair instead of the user's to respond to the server's challenge.

      If that doesn't make sense, then could you summarize what information is sent?

  24. Re:Mandatory? Privacy killer! by Anonymous Coward · · Score: 2, Interesting

    Not only that it KILLS anonymity, a basic human right for those who choose it and do no wrong with it.
    First you have to BUY these things which is traceable.
    Then they want you to use the *same* thing for all your accounts.
    What a fucking joke!
    Ever hear of The Federalist Papers, Bitcoin, or any other anonymous work of high import, influence, and so on?
    All not possible without per instance anonymity and privacy.

  25. Lost by SumDog · · Score: 1

    So what happens when you lose one of these things? Do you have to wait a week for a new one to arrive in the mail to access any of your accounts?

    1. Re:Lost by darkain · · Score: 4, Informative

      The sites give you 10 temporary one-time keys to use, designed to be printed out and stored in a lock box. These are used for emergency access when the physical device is unavailable.

    2. Re:Lost by Rockoon · · Score: 1

      Thats "something you know" for sure, not "something you have."

      So its all the downsides of 2-factor authentication, without being 2 factor authentication.

      --
      "His name was James Damore."
  26. Re:client-side key by darkain · · Score: 2

    The keys have a physical button on them an an LED. the LED starts flashing when the browser makes a request, and to authenticate, the user MUST press the button for the embedded circuit to process the encryption request.

  27. Yubikeys by darkain · · Score: 5, Informative

    https://www.yubico.com/ - Yubico, the makers of Yubikeys, is the primary company and primary devices that Google, Facebook, Github, Dropbox, and others use. Reading the various comments here on Slashdot, I just want to quickly clear a few things up. Some think this is just a theoretical API. No, it is fully implemented, and the hardware has been on the market. I've been using my Yubikey for over a year now. The thing is fucking amazing. The key supports several different modes, so let's go through a few of them really quick to clear up concerns from above.

    The type of authentication mentioned in TFA works by plugging in the USB key. After that, the browser makes a request to the key. The key then has an LED that starts blinking to indicate said request. The key does *NOT* process the request until the button on the key is pressed. The encryption key stored on the physical key also can NOT be read off of it at all, the device handles processing of the initial request. (yes, admittedly, this is slower than a normal CPU, it takes 1-2 seconds to process)

    There are other modes, too. There is a mode which works exactly like Google Authenticator, where you can register 2-factor codes with it. The generated time based codes can then be read back either by USB or by NFC on a phone/tablet. This has the added advantage of the fact the seed for the time code is not retrievable from the device. The only thing the device will transmit out is the calculated time-based code. This has an advantage over Google Authenticator, where a compromised phone could easily leak the seed values and generate new time based codes. This calculation instead happens on the key, and only the final result is returned instead.

    This device also works with PuTTY for SSH authentication. This is by *FAR* my most favorite feature. TortouseGit on windows also uses PuTTY for authentication, so this includes source code. You can pull out the public key from the device, and use the device to authenticate yourself anywhere that supprts SSH. I personally use this to authenticate into a cluster of servers that I manage.

    This device includes a static password, too. Not everything supports these newer modes. There are a couple services that I use which dont. A randomized password up to 32 characters can be stored on the device, and with a single press of the button will emulate a keyboard and type it in. This is much MUCH easier than trying to type in long complex passwords which use tons of extended characters. But again, this caps at only 2 passwords (the device has 2 "slots" total, and other things such as the method mentioned in the article takes up 1 of those slots as well)

    But pretty much every concern I've seen in the comments on this page are all directly addressedon the Yubico web site. These guys have thought of pretty much thought of every possible scenario imaginable. This isn't just some weekend project. This is a serious security product help designed and implemented by some of the largest tech firms in the world who have a serious stake at securing their own networks. The price for the keys are really not bad, so yeah, I'd personally recommend them.

    1. Re:Yubikeys by ChoGGi · · Score: 1

      As mentioned it has slots for two different keys you can program in. Why are you using a pw manager without support for two factor (I prefer using passwordsafe myself)?

    2. Re:Yubikeys by CRC'99 · · Score: 1

      As per the GP, I've also used a Yubikey for years. Mine is the original one that doesn't support 2UF, but I've been using it for many things - including some of my own applications in OTP mode.

      OpenVPN - Username + OTP.
      SSH - Private Key + OTP from unknown sources (else just key).
      Admin account on my hosting platform: email + password + OTP (written in perl).
      Lastpass - Username + Password + OTP.

      In the many years since I've had this key (remember, this is one of the first they made), I've had their validation servers go down once. Newer methods available on the newer keys make this problem go away.

      I've been seriously thinking of upgrading (4 generations) of key to the latest and greatest, but good old OTP mode does what I need for now. That 2UF sure looks perdy though.....

      --
      Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
    3. Re:Yubikeys by bernywork · · Score: 1

      SecureCRT also supports PKI based SSH authentication, it's without fail the best terminal emulator around. (Win / Mac / Linux)

      I really do feel odd posting this to Slashdot (I feel like I'm going to get crucified for a slashvertisement), but I've used their stuff for years and they're worth a mention.

      --
      Curiosity was framed; ignorance killed the cat. -- Author unknown
  28. Re:client-side key by edtice1559 · · Score: 1

    Which is still way better than single-factor authentication

  29. Re:Seriously, security dongles. That's the old new by edtice1559 · · Score: 1

    The registering by phone *is* a form of two-factor authentication. You've just made the case for it. This is an improved form of two-factor authentication because it's too easy for phone numbers to get assigned to new devices. The SMS second-factor tends to work great against mass attacks and also protects low-value targets but is pretty much useless against a targeted attack. Too easy to walk into any mobile phone retailer and claim you lost your SIM card.

  30. Re:Strong bindings between factors AND data channe by edtice1559 · · Score: 1

    The problem with client certificates is that you have to install them on a device before using the device. So you can only login from a device you completely trust. This is just another form of something you know. It's not a second factor. With U2F you can, in a pinch, login from say a computer in the library and not worry that your certificate just got compromised.

  31. Re:Strong bindings between factors AND data channe by WaffleMonster · · Score: 1

    The problem with client certificates is that you have to install them on a device before using the device.

    The browser can grab them from anywhere it can anytime it wants. It can also pass-thru cert validation to physical trinkets that look like USB sticks or credit cards the same as smart cards have been doing for ages.

    So you can only login from a device you completely trust. This is just another form of something you know.

    It's not a second factor.

    No it is clearly something you have. Using trusted system is an implied baseline requirement. It isn't ever optional. This business of logging on from devices you don't trust = GIGO.

    With U2F you can, in a pinch, login from say a computer in the library and

    This limitation does not exist with my suggestion to just use client certs. There is no reason to assume browser is the entity that must offer a proof of possession to server. I just don't see the point of reinventing the wheel.

    not worry that your certificate just got compromised.

    Well there is that... I'm not sure what value this has to normal people who prefer criminals not transfer every penny out of their bank account or send all of their friends ransomware... but hey at least your certificate didn't get compromised.... hurray.

  32. Re:Yep, almost impossible. by UziBeatle · · Score: 1

    I'd have gone with:

      Your account are all belong to us.

     

    --
    Something between the lines jumps out and bites your arm off. Soltan Gris / London
  33. Re: Just what I want, a browser with USB device ac by Anonymous Coward · · Score: 1

    It takes one phone call to your mobile provider and a little bit of a sob story to have your cell phone number rerouted. You don't even have to be a high profile target. These days, crooks who prey on tourists and hotel guests have the expertise to launch this type of attack. Ask me how I know :-(

  34. world's best hope??? by MadMaverick9 · · Score: 1

    That would be John Connor.

    John Connor is leader of the Worldwide Resistance and last hope of humankind.

  35. Re:Strong bindings between factors AND data channe by edtice1559 · · Score: 1

    Congratulations, you've just described U2F!

  36. Wait! by DaMattster · · Score: 1

    Isn't this what the yubikey is supposed to do? I mean it isn't exactly open but it does provide a nice easy 2FA.

  37. Github 20% Off by brunes69 · · Score: 1

    Don't forget to log in with your Github.com account for 20% off!

    I just ordered 2, these sound useful.

  38. Advertisement? by wizden · · Score: 1

    This really reads like an ad.

  39. Re:Strong bindings between factors AND data channe by WaffleMonster · · Score: 1

    Congratulations, you've just described U2F!

    What I described is a smart card .. something that has been widely used for over a decade.

    The difference in not reinventing the wheel with U2F is you don't need to modify servers to support experimental channel binding extensions. This can be deployed without modifying existing servers.

    "Google is very much a not-invented-here, build it ourselves culture."
    -Eric Schmidt

  40. Sounds good to me by raymorris · · Score: 1

    That sounds good to me. What that means, of course, is that the attack wouldn't work for a site you already have an account with (barring combining it with probably two other attacks, plus the MITM, for a total of four simultaneous successful attacks).

    1. Re:Sounds good to me by tepples · · Score: 1

      Someone behind an authoritarian nation-state's MITM would probably have created the account while in the same country.

  41. Re:Just what I want, a browser with USB device acc by Kernel+Kurtz · · Score: 1

    SMS is an attempt at "what you have", with lots of caveats.

    Better than nothing - everyone has a phone. Not many people will buy dongles or tokens.

  42. Re:Strong bindings between factors AND data channe by edtice1559 · · Score: 1

    Instead it requires specialized hardware be deployed at each endpoint!

  43. Re:Any computer, anywhere in the world? by ebvwfbw · · Score: 1

    Of course. I have a machine right over here you can use to access your most important accounts, files and data. Feel at home.

  44. Re:Just what I want, a browser with USB device acc by sexconker · · Score: 1

    You're simply wrong. It's just bits on the same wire. The fact that a typical user doesn't know the code without the dongle just means it's prone to failure.

    It's no different than having your child type in 12 extra characters that you don't know at the end of the password you do know. You're passing off the knowing to someone or something else doesn't make it more secure, it makes it less so than if you had simply used a unique, random password.