U2F: Universal 2nd Factor

These documents describe the Universal 2nd Factor open ecosystem initiative started by Google. The intent is to enable Internet users to carry a non-phishable strong 2 factor device which the user can register at any supporting site to get strong authentication security. The goal is to get many internet services accepting these devices as an option for 2nd Factor, get the key client platforms (browsers, OSes) to have built in support for these open-protocol devices and a large number of vendors making protocol compliant devices.

The documents below are a snapshot from when this was an internal Google effort. Google has now joined the FIDO Alliance to continue this work in a separate U2F working group. If you are considering joining FIDO and participating in the U2F work, you can get a good flavor from this pre-FIDO snapshot. We strongly encourage you to join us in FIDO.

A guide to the documents:

• • U2F: Overview for Partners

  • Read this presentation to get a framing overview of what U2F is trying to do. Read this elevator pitch to get the framing as a one pager.

• U2F: Product Overview: Easy Strong Auth for the web

  • Read this to get an overview of what the user problem is and the resulting product requirements

• U2F: Protocol Design + User Flows

  • Read this to get a detailed design background for the protocol and details of how the user flows work

• U2F Protocol and API Details

  • Read this to get a detailed sense for the intended protocol. Read the Protocol Design and User Flows document (listed above) first as background