One factor authentication requires a single step to verify your identity, such as knowing your username and password. Two Factor Authentication (2FA) provides another layer of protection against hackers by also requiring you to have something.
This ’something’ is typically your phone (for example Google will text a verification code to a phone number that it has on record), but can also be a photo ID, a retina pattern, handwriting style, voice pattern recognition, etc.
One handy form of secondary ID verification that works well over the internet is a USB security key, and the emerging standard for this is the FIDO U2F (Fast Identification Online Universal 2nd Factor protocol) promoted by the FIDO Alliance.
This standard, Version 1 of which of finalised in January this year, has already been adopted by leading USB security key manufacturer Yubico, as well as by Google, and support for it is now come to come baked-in to Microsoft’s upcoming Windows 10.
Microsoft also notes that it has been contributing to Version 2 of the standard,
‘I’m happy to announce Microsoft has contributed design inputs to the Fast IDentity Online (FIDO) Alliance, to be incorporated within FIDO 2.0 Technical Specifications. Transitioning away from passwords and to a stronger form of identity is one of the great challenges that we face in online computing, and we believe FIDO authentication, which is the subject of great discussion here at the White House summit, is the pathway to success. To address this challenge we joined the FIDO Alliance, where we are working alongside major industry partners to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to more securely authenticate users of online services.’
This means that Windows users will be able to lock down their machines, making them inaccessible without an authenticated FIDO USB dongle, and will pave the way to using simpler passwords but in a more secure way.
The Bank of America, PayPal and Microsoft already accept FIDO authentication, and because the FIDO is an open standard, it is expected to have a high adoption rate.