Refeds


Subject Re: FIDO U2F
From "Leif Johansson" <leifj@xxxxxxxx>
Date Mon, 26 Oct 2015 03:11:29 +0100



> 25 okt 2015 kl. 17:26 skrev Mike Schwartz <mike@xxxxxxxx>:
> 
> 
>>>> and the U2F/FIDO 2.0 stuff that yubico, google and msft run with.
> 
> I see no indication that Microsoft will support U2F... if any one can point me to a link, I'd appreciate it. In the road map for Edge, msft only talks about future versions of FIDO.

cf below 

> 
> I think that you are underestimating the potential of U2F. Github, Dropbox, and several other SaaS providers support it.

you must have misread me - ibelieve u2f will win an fido2 is essentially u2f

> Also, if you search Amazon for U2F, you'll see three vendors for U2F keys, with more coming (nitrokey is working on an open hardware version). So it's not just yubico...
> 
> Also, Mozilla is close to a plugin, which would make Chrome not the only option. I have talked to the engineering team at opera, which is embedded in a lot of hardware,  and that has promise.
> 
> Finally, the Gluu Server has U2F endpoints built in.  We have found the enrollment and authentication workflows useful not just for U2F hardware tokens,  but we're also upgrading our free mobile push 2FA project, oxPush, to use our U2F endpoints.
> 
> So net-net, U2F is really interesting.  The economic model is very attractive. An organization can support U2F, and instead of issuing people tokens,  just tell them that if they want 2FA, they can buy a token on Amazon, which is also good for many SaaS services.  From a liability perspective, by offering U2F, if anyone gets broken into, the most they can sue you for is snot $15, if the source of the beach was passwords. Because if security was important to them,  they could have just bought a key. With the price of U2F keys heading towards the price of your house keys,  this is not unreasonable.
> 
> I know this crowd loves the idea of open hardware, so if you want to see cheaper u2f tokens, the key is volume.  Support nitrokey...
> 
> And if you want to try u2f, it's ridiculously simple with the Gluu Server. Just click 'enable'. There is a video on our website. And at the same time you'll get an MIT license OpenID Connect and UMA server...
> 
> - Mike
> 
> 
> 
> 
> -- 
> ------------------------------------
> Michael Schwartz
> Gluu
> Founder / CEO
> mike@xxxxxxxx