Universal Second Factor (U2F)
–hassle free dual authentication security token
to strengthen online protection
Securely log into your account in a matter of
few seconds with U2F supported USB stick
Online security
is becoming a major concern due to frequent hi-tech hacks & online scamming
.We are living in a digital world where everyone prefer hassle free online
services but every technology has pros & cons where it’s pretty effective
& convenient to use, it can be very dangerous too once your credentials get
laid in a wrong hand. There are enough malware companies & online frauds to
trick costumers into revealing their login credential to access bank accounts,
demat accounts online payment services & other social media accounts. As
hackers are getting smarter we got to think ahead of them to secure ourselves
from online frauds. We want to have both hassle free & secure access to our
account though it was not easy to carry out both.
To protect our accounts
from password cracking hacks like brute force attack we need to have a strong
password which will have numerics & combination of weird alphabets throwing
in some capitalization spiced up with some symbols which almost sounds &
look like gibberish to sign in our head then we give up & compound our
folly with same weak & easy to remember passwords like our pets name D.O.B
“password1” & so which can be hacked through social engineering like a
child’s play. Unfortunately even strong passwords aren’t enough to secure from
ever increasing cyber crime
In an attempt to
overcome the risk of password cracking universal two way authentication came
into existence. Let me explain you what does universal authentication mean-we
secure our accounts with username/email ID & passwords these credentials
are stored within the database & whenever we require to login to our
account we are asked to enter our credentials which the system will verify checking
into the database once it’s found it’ll be universally authenticated & you
will be logged in, well this is one way authentication which requires only
password to login. So whoever gets hold of your password can easily bypass this
system. Two way authentication eliminate this vulnerability of accessing
account with just the password as it require two things-1) something you know
that’s password 2) something you have
like verification code send to your mobile device or email and you prove it
that you have access to your verified device. Smart cards & bank cards like
debit or credit cards is currently using same technology as it requires both a
physical card which you will have & pin number which you know ,without
either of these missing you cannot do a transaction. Google is already using
this technology for a long time but it has now improved by bringing in the
concept of universal second factor
Although dual
authentication provide us with double layer of
protection it is also kind of
clumsy to use as we’ll need to check out our phone or email ID for the
verification code & then get back to the login process, so it’s like a
headache when we are in a hurry. However hackers can set up a look alike site
that ask you to provide your verification code hence we can be tricked in that
case too.U2F technology spare us with this burden as it provides super easy way
to login to our any numbers of online accounts securely with two ways
authentication by just inserting a USB device having
the security key pre installed in it, which will be automatically identified by
the browser & voila you are done without even needing client software or
driver so say goodbye to looking up into verification code then jumbling with
it to login. Google U2F provides protection against phishing scams as it uses
cryptography instead of verification codes & automatically works with only
the website it is supposed to work. Hope you all have understood the basic of
U2F let’s move on to its technicalities & working.
U2F was made by
Google with Yubiko working in partnership with contribution from NXP. This standard
is in use by FIDO alliance which includes Google, Microsoft, PayPal, American
Express, Visa, Intel, Qualcomm, ARM, Bank of America & many other massive
companies .Soon this technology will be all over the web. To use U2F you need
to buy to buy a small security key USB device with the FIDO U2F logo that you
insert into your computer’s USB port. U2F currently only works with Google
chrome browser version 40 or newer, although it is compatible with all OS like
Mac Microsoft or Linux. When you insert the USB device, the chrome browser on
your computer can communicate with the USB security key through secure
encryption & provide the correct response that lets you log into a website.
It provides protection from man in the middle attack also as the verification
is directly send to the USB that too securely encrypted so there is no chance
of data leak over a vulnerable network.
This U2F
security key is linked with your Google account & you can use it with all
your devices to securely log into your various online accounts. So you can
carry this little USB device as a car key with you always & use it to get
into your accounts easily on the go. It has some inconvenience too as it
requires a USB port to connect to so it is not compatible with a mobile-only
users but in near future it will with paired Bluetooth device to enable mobile
phone U2F application. You have to be extra careful not to lose it because once
it gets into the hand of someone who knows your password then it’ll serve as a
full plate meal to snob off your account.
So overall it’s
a smart technology to strengthen online security covering all possible
loopholes in internet. It provides both quick & secure access to our
accounts so we can easily do online transaction on the go without worrying
about risking our confidentiality. Soon all type of business will be backed by U2F technology to
offer simple & protected two way authentication. As hackers are getting
more sophisticated strong password are no longer secure to protect us so we
need to upgrade our arsenal with smart technologies to step up our defence.
No comments:
Post a Comment