[Security-discuss] [Architecture] Fwd: YubiNews: Google Releases Support for FIDO U2F Powered YubiKeys

Tony Atkins tony at raisingthefloor.org
Thu Oct 23 04:24:15 EDT 2014


Hi, Gregg:

Thanks for sharing the link.  This sounds like the kind of thing that
should be supported if it gains traction, but is not something we can
exclusively rely on, as it does not work at all for mobile. RFID and NFC
are a much better choice there.

I'm also wondering how much lab maintainers are concerned about "bad USB":

https://srlabs.de/badusb/
https://www.youtube.com/watch?v=nuruzFqMgIw

If this gains traction in the wild, I would not be surprised if public
stations (one of our key use cases) limit access to USB ports to their
users until there are stronger safeguards.  Again, having a trusted NFC
reader installed by the lab owner is a better option here than allowing
arbitrary USB devices.

For wider adoption, given that nearly all computers do not come with NFC or
RFID readers, cheap and easy to use USB devices that we can build on top of
are worth considering, especially since they already have a node module to
handle the authentication:

https://www.npmjs.org/package/yub

Has anyone purchased one of these to try out?  They're around the same
price as a low-end NFC ring, so it's not unreasonable to just get one and
do a bit of research.

Cheers,


Tony

On Wed, Oct 22, 2014 at 6:36 AM, Gregg Vanderheiden <gv at trace.wisc.edu>
wrote:

>
>
> *gregg*
> --------------------------------------------------------
> Gregg Vanderheiden Ph.D.
> Director Trace R&D Center
> Professor Industrial & Systems Engineering
> and Biomedical Engineering University of Wisconsin-Madison
> Co-Director, Raising the Floor - International -
> http://Raisingthefloor.org
> and the Global Public Inclusive Infrastructure Project -  http://GPII.net
>
> Begin forwarded message:
>
> *Subject: **YubiNews: Google Releases Support for FIDO U2F Powered
> YubiKeys*
> *From: *Yubico <newsletter at yubico.com>
> *Reply-To: *Yubico <newsletter at yubico.com>
> *To: * <gv at trace.wisc.edu>
> *Date: *October 21, 2014 at 8:11:08 AM CDT
>
> Google Releases Support for FIDO U2F Powered YubiKeysView this email in
> your browser
> <http://us4.campaign-archive1.com/?u=f089f8c003910ccc8b7308b56&id=4f9b1d479d&e=1e2e553ee9>Google
> Releases Support for FIDO U2F Powered YubiKeys
>
> YubiFriends,
>
> Today is a good day for the Internet.
>
> Now you can get your online Security Key at Amazon. A key that you own and
> control and that allows you to instantly and securely login to Google
> Accounts - and any number of service providers who choose to adopt FIDO
> Universal 2nd Factor authentication.
> As a driving contributor of FIDO U2F specifications, Yubico celebrates
> this event by releasing a new bright blue and U2F-only version of our
> YubiKey.
>
> More from our CEO & Founder, Stina Ehrensvard
> <http://yubico.us4.list-manage.com/track/click?u=f089f8c003910ccc8b7308b56&id=d00c32040b&e=1e2e553ee9>*Copyright
> © 2014 Yubico, All rights reserved.*
> You're receiving this email because you opted in at our website or during
> a purchase on our web store. If you wish to unsubscribe or update your
> subscription preferences, just click on the links below.
>
> unsubscribe from this list
> <http://yubico.us4.list-manage1.com/unsubscribe?u=f089f8c003910ccc8b7308b56&id=1583d0035b&e=1e2e553ee9&c=4f9b1d479d>
>     update subscription preferences
> <http://yubico.us4.list-manage1.com/profile?u=f089f8c003910ccc8b7308b56&id=1583d0035b&e=1e2e553ee9>
>
>
>
>
> _______________________________________________
> Architecture mailing list
> Architecture at lists.gpii.net
> http://lists.gpii.net/cgi-bin/mailman/listinfo/architecture
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gpii.net/pipermail/security-discuss/attachments/20141023/c3fb849c/attachment-0001.html>


More information about the Security-discuss mailing list