Responding to the increasing weaknesses of password-based security systems, the latest FIDO specifications promote an open, flexible, interoperable group of strong authentication offerings to reduce the continued reliance on single-factor username and password logins.
FIDO U2F aims to provide a simple user interface for proving that something physical, such as a token, is present during the authentication process. Per the FIDO Alliance's official news release earlier today, the specifications provide a new standard for devices, servers and client software, such as browsers, browser plugins and native app subsystems.
Any Web site or cloud application can now interface with a broad range of current and future FIDO-enabled authenticators, including Entersekt, for consumers, enterprises, service providers, governments and all other organisation types.
"Since joining the FIDO Alliance in early 2013, we have been hard at work making enhancements to our existing Transakt product to deliver a FIDO U2F-enabled solution for today's businesses and consumers," said Christiaan Brand, chief technology officer of Entersekt. "With the traditional one-time password (OTP) serving as nothing more than a Band-Aid for protecting users from increasing instances of fraud, we fully support the newly-introduced guidelines from the FIDO Alliance in order to combat advanced fraud attacks."
As a means of avoiding reliance on cumbersome OTPs and expensive hardware tokens, Entersekt's mobile-phone-based authentication product, Transakt, already leverages cryptographic keys to verify users of online systems. Based on the latest FIDO U2F specifications, Entersekt has developed a lightweight USB U2F bridge installed on a user's computer, allowing their browser to connect with the FIDO U2F-enabled Transakt app on their mobile phone for secure, convenient authentication. FIDO U2F authentication requests are automatically routed across a secure Internet channel to the user's mobile device for approval, without requiring any physical connection between their computer and mobile device. The user then simply taps "Accept" on their phone to complete the cryptographic sign-in process.
Following Google's announcement in late October that it has enabled support for the FIDO U2F protocol on all accounts, Entersekt's Transakt U2F is now available for use for all Google users. Individuals interested in trying Transakt U2F with their Google account can sign up for the solution at https://www.entersekt.com/u2f/.