New authentication method protects against fraudulent pages

Oct 22, 2014 00:53 GMT  ·  By

FIDO Alliance’s Universal 2nd Factor (U2F) protocol has found another company to adopt it, as Duo Security announces integration with its products.

Support for FIDO U2F has also been announced by Google on Tuesday, informing that the new authentication validation method works in Chrome starting version 38.

Duo Security, a company providing elegant multifactor authentication solutions for logging into restricted spaces, explained its adoption of U2F as a simplified two-factor validation process that does not require any secondary verification codes to be provided in order to access an account.

One of the advantages of the new method touches on phishing, as it completely eliminates such a risk, because it relies on public key cryptography to determine whether the website it pairs with is legitimate or not. As such, when a fraudulent address is provided, the device will simply not log the user in.

This way, the user is protected against phishing, which is the most prevalent attack vector at the moment. For now, U2F does not work with other web browsers and there is little outside Google services it can be used on.

“Our goal at Duo is to enable organizations of all sizes to adopt multifactor authentication within their solutions platform. By offering support for U2F and other hardware tokens, we continue to democratize two-factor for everyone,” said Sally Feller, PR manager at Duo Security.