Yubikey users, stay tuned: hardware token-based 2FA is being integrated natively into Firefox. Firefox 60 will be released on 8 May 2018.
Yubikey registration via Firefox 60. Picture: Mozilla Blog
Good news for security fans: Mozilla will activate the two-factor authentication API by default in Firefox 60, which means FIDO U2F will be supported. Hardware tokens such as the Yubikey, Nitrokey or U2F Zero use it for the conversation between the browser and the hardware. Google already added support for it in Chrome v62. Web services like Gmail have already supported it for a year or more, but it’s not enabled by default because Google says the web should be ‘comfortable’ for everyone and some people might not want to use it.
Programs like Authy or Google Authenticator are supported as well, so developers can make the switch and provide an alternative login method.
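For developers making that switch, here is what the server side has to check on a WebAuthn response, as an added example that is not code from Mozilla or from the original post. It verifies the `clientDataJSON` the browser returns (ceremony type, challenge and origin); `RP_ORIGIN`, `verifyClientData`, `sampleClientData` and all sample values are constructed for illustration.

```javascript
// Added example: server-side checks on clientDataJSON from a WebAuthn response.
// RP_ORIGIN, verifyClientData and every sample value below are constructed.
const RP_ORIGIN = "https://login.example"; // assumption: the site's own origin

// The challenge appears in clientDataJSON as base64url without padding.
function b64url(bytes) {
  return Buffer.from(bytes).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// expectedType: "webauthn.create" for registration, "webauthn.get" for login.
// expectedChallenge: the random bytes the server issued for this session.
function verifyClientData(clientDataJSON, expectedType, expectedChallenge) {
  let data;
  try {
    data = JSON.parse(Buffer.from(clientDataJSON).toString("utf8"));
  } catch (err) {
    return { ok: false, reason: "clientDataJSON is not valid JSON" };
  }
  if (data === null || typeof data !== "object") {
    return { ok: false, reason: "clientDataJSON is not an object" };
  }
  if (data.type !== expectedType) {
    return { ok: false, reason: "wrong ceremony type" };
  }
  if (data.challenge !== b64url(expectedChallenge)) {
    return { ok: false, reason: "challenge mismatch (replayed or stale response)" };
  }
  // The browser fills in the origin, so a look-alike site cannot forge it.
  if (data.origin !== RP_ORIGIN) {
    return { ok: false, reason: "origin mismatch (response made for another site)" };
  }
  return { ok: true, reason: "client data accepted" };
}

// Constructed stand-in for what the browser would return after a login.
function sampleClientData(origin, challenge) {
  const fields = { type: "webauthn.get", challenge: b64url(challenge), origin };
  return Buffer.from(JSON.stringify(fields), "utf8");
}

const challenge = Buffer.from("constructed-challenge-bytes"); // random per login in practice
console.log(verifyClientData(sampleClientData(RP_ORIGIN, challenge), "webauthn.get", challenge));
console.log(verifyClientData(
  sampleClientData("https://login.example.lookalike.test", challenge), "webauthn.get", challenge));
```

These checks come before signature verification: the token's signature covers the SHA-256 hash of `clientDataJSON`, so the server must still verify it with the public key stored at registration.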
Not many people are using 2FA, which is a sad fact, but hopefully we will see more people making the switch. Personally, I use a Yubikey Neo in combination with Authy for all my services like YouTube, Google, WordPress and more to make it harder to hack my login session.
I think some people are scared that they need to buy such a hardware key, which is around 10-70 dollars, or are simply too lazy to do an extra step, but once you are hacked you would regret it instantly. I see this as an important step forward in the right direction, and I would love to see more apps and web services supporting it. The web changes daily, and you should stay up to date and use the latest techniques to harden your overall security setup; this is one link in the chain.
Using Hardware Token-based 2FA with the WebAuthn API (hacks.mozilla.org)