How to enable FIDO U2F on Linux

Although some recent versions of Linux have built-in support for U2F security keys, many do not, and you may therefore have to make a minor system configuration change in order to allow the requesting web browser (such as Chrome) to communicate directly with your Key-ID U2F token via the USB port.

This is a system-wide configuration update that enables Key-ID U2F functionality on Linux for all users, and is entirely safe. It uses standard Linux udev rules, which allows you to identify and thus allow certain devices, based on their specific properties, such as its USB Vendor ID and Product ID.

The Key-ID FIDO U2F token has a Vendor ID (VID) of 096e (hex) and a Product ID (PID) of 0850 or 0880 (hex). To enable it on Linux, assuming you are running udev version 188 or later, simply create the file /etc/udev/rules.d/70-u2f.rules with the following contents:

# this udev file should be used with udev 188 and newerACTION!="add|change", GOTO="u2f_end"

# Key-ID FIDO U2FKERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0858|0880", TAG+="uaccess"

LABEL="u2f_end"

You will usually need to have full administrator rights in order to copy or save a file in this system folder. Once created, reboot your system and everything should spring into life!

This has been successfully tested by us and our customers on Linux Mint and various other distros.

Why compromise online security?