U2F: Universal 2nd Factor
These documents describe the Universal 2nd Factor open ecosystem initiative started by Google. The intent is to enable Internet users to carry a non-phishable strong 2 factor device which the user can register at any supporting site to get strong authentication security. The goal is to get many internet services accepting these devices as an option for 2nd Factor, get the key client platforms (browsers, OSes) to have built in support for these open-protocol devices and a large number of vendors making protocol compliant devices.
The documents below are a snapshot from when this was an internal Google effort. Google has now joined the FIDO Alliance to continue this work in a separate U2F working group. If you are considering joining FIDO and participating in the U2F work, you can get a good flavor from this pre-FIDO snapshot. We strongly encourage you to join us in FIDO.
A guide to the documents:
Read this presentation to get a framing overview of what U2F is trying to do. Read this elevator pitch to get the framing as a one pager.
U2F: Product Overview: Easy Strong Auth for the web
Read this to get an overview of what the user problem is and the resulting product requirements
U2F: Protocol Design + User Flows
Read this to get a detailed design background for the protocol and details of how the user flows work
Read this to get a detailed sense for the intended protocol. Read the Protocol Design and User Flows document (listed above) first as background