View Single Post
Old 19 Jul 2016, 06:35 AM   #23
Master of the @
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007

Representative of:
Originally Posted by pjwalsh View Post
U2F and app-specific passwords are great advances in FM login security.
I'm of the opinion that its more secure and and more user-friendly than any other consumer-grade two-factor out there. I've been telling anyone that will listen and we're hoping to do more presentations about U2F in the future.

Chrome supports U2F, Firefox does not.
Sadly, Mozilla has yet to implement U2F support.
Others might list other browsers that support U2F.
All Chromium-based browsers should support it (Chromium, Chrome, Opera, Vivaldi, etc).

There is an extension for Mozilla, but no native support yet. I'm told that there are Mozilla engineers interested in it, but its currently quite difficult to do securely in Mozilla due to the lack of sandboxing. I'm sure they'll get there in time.

Amazon links for U2F capable keys:
We've tested with U2F devices from Hypersecu, Feitian, Neowave, Happlink and Nitrokey. At 9 euro the Nitrokey U2F is the cheapest one we've found, so it's certainly not expensive to get started.

Of course we'll continue supporting TOTP and other methods for the forseeable future.

Last edited by robn : 19 Jul 2016 at 06:40 AM.
robn is offline   Reply With Quote