FIDO U2F frequently asked questions
What does FIDO mean?
What does U2F mean?
What is a U2F security key or token?
When a key is registered for use with an account service, a dedicated public and private key pair is generated on the device. These PKI key pairs are then referenced and used by each party involved in the registration, enabling strong authentication and allowing one device to be used with an unlimited number of services.
What is two-factor authentication or 2FA?
The components typically include some physical object in the possession of the user (such as a USB security key or token, a bank card, etc.) and something known only by the user (such as a password, PIN, etc.).
Requiring a physical security token or key, in addition to username and password, to sign-in to online services protects against the risk from stolen/hacked/phished/cracked passwords.
Managing account access with the FIDO U2F security key
Managing account access
Do I need admin rights on my computer to set-up or install drivers for FIDO U2F keys?
How do I sign-in using a USB FIDO U2F key?
Once you have registered your key with a U2F supporting service or application, the next time you log-in to that service you will be asked for your username and password as normal, and then prompted to insert your U2F key and press the button. You should then be granted access.
Do I just plug the security key in, when I sign-in, and does it need to stay plugged in?
Once you have registered your key with each online service (such as Google, Dropbox) you want to use it with, when you sign-in to those services in future you’ll be prompted to insert it and push the little button. Once you are successfully logged-in you can remove the key from the USB port of your device.
Do I need to put the key in every time I use Gmail or can you say ‘remember me’ or ‘don’t ask me again’?
The FIDO U2F key is normally required at the time of every login, but when signing-in to Google you can select the ‘don’t ask me again’ option, which means you will be asked for a password but not always asked for your security key when logging-in on the same device.
Can I use the same single key with multiple Gmail accounts?
Yes, one FIDO U2F Security Key can be used to secure multiple accounts, including multiple Gmail accounts.
FIDO U2F compatibility
FIDO U2F compatibility
What browsers and operating systems already, and will, support U2F?
Chrome (version 40 and later) for Windows, OS X, and Linux has U2F support built-in.
Mozilla is currently building-in U2F support and there is a plug-in available for Firefox version 38.0a1, or later. This plug-in may not work with all services, such as Facebook.
Microsoft is working within the FIDO Alliance to bring support to Windows 10.
How do I use my U2F key on Linux?
For security, many versions of Linux prevent web browsers such as Chrome from talking directly to USB devices such as your Key-ID FIDO U2F security key. For details of how to enable U2F on Linux, please follow these instructions.
Does FIDO U2F authentication work with all Chromebooks?
Yes, provided they are running an up to date version of the Chrome operating system and have a USB slot.
How many service accounts can I use a single U2F key or token with?
One U2F key or token can be used with any number of U2F secured accounts.
This means the same U2F token can be used for Google Apps (including Gmail) and Dropbox and GitHub and other accounts.
Is the Key-ID U2F security key certified by the FIDO Alliance?
Yes, it is fully tested and certified to comply with the U2F specifications, version 1.0, under the name ePass FIDO.
What online services work with FIDO U2F?
The growing list of services includes: AuthAnvil, Bitbucket, Dashlane, Digidentity, Dropbox, Duo Security, Facebook, FastMail, GitHub, GitLab, Gluu, Gmail, Google Cloud, Google Drive, Google Wallet, Google+, G Suite, GreenRADIUS, LinOTP, Linux PAM, privacyIDEA, Salesforce.com, Sentry, SpaceCP, StrongAuth, WordPress.org.
Do U2F keys work with Dashlane password manager?
Yes it supports U2F log-in.
Do U2F keys work with LastPass password manager?
Not currently. FIDO U2F support is planned for future.
Do U2F keys work with KeePass password manager?
No. While KeePass does have capabilities to work with different USB hardware token standards, it does not currently support the U2F standard.
Can I use a FIDO U2F key for Windows login?
Not currently. Microsoft is working within the FIDO Alliance to bring support to Windows 10.
FIDO U2F security key maintenance
FIDO U2F Maintenance
What happens if I lose my FIDO U2F key?
To register your U2F key with an online service first requires that you enable 2-step authentication for that particular service. This means alternative, although less convenient, methods may also be enabled and used if required as a temporary fall-back. Google and Dropbox provide a set of back-up access codes when setting-up 2-step authentication, which can be used to allow you access your account.
Is it possible to identify the user of a particular U2F key?
U2F security keys are designed to be anonymous to online public services. Each time a U2F key is registered with an online account new cryptographic secrets are generated for use with that specific account and no information about the person’s real identity is linked to the key itself. This means that if someone finds a lost key they are not able identify the previous owner, it also means the same key can be safely re-used by a new owner for their own accounts (even for the same online services used by the previous owner).
Does the Key-ID FIDO U2F key token need batteries?
No batteries are required.
FIDO U2F security key for businesses
FIDO U2F for businesses
Can I use U2F security keys to enable strong two-factor authentication for my enterprise?
Does U2F & 2-factor authentication work with single-sign-on?
This depends on the specific application.
Salesforce.com: Logging-on via SSO, using an IdP (Identity Provider), can also be set to require two factor authentication.
G Suite: If SAML single sign-on (SSO) is enabled for your domain Google’s 2-Step Verification will not apply when logging-on through your SSO.