+1 I would love love love to have U2F in Firefox.
(Also, Dropbox supports it too, just as a data point: http://blogs.dropbox.com/dropbox/2015/08/u2f-security-keys/ )

On Thu, Nov 5, 2015 at 5:18 PM, Jeroen Hoek <jeroen.h...@lable.nl> wrote:
> In December 2014 the first public release of the Fido alliance's
> Universal 2nd Factor (U2F) specification was published. The idea behind
> this open specification is to provide a secure two-factor authentication
> method with affordable hardware keys and a friendly UX.
>
> If I buy a hardware key that implements Fido U2F today, I can use it to
> log on to Google's GMail and Github. It is possible to use the same
> hardware key with any web service offering Fido U2F support, by design.
> The specification allows for three methods of communication: USB, NFC,
> and Bluetooth Low Energy (BLE).
>
> For Fido U2F to work, a browser implementing this technology is required.
>
> There is an issue about Fido U2F support in Firefox:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1065729
>
> Unfortunately, this issue appears to receive no priority from Mozilla.
> Reading the comments in this issue, it appears that despite the
> attractiveness of the Fido U2F specification, developers see support in
> Firefox as a deal-breaker. Personally, I feel that a security technology
> such as this needs at least one free software browser to support it to
> provide a viable alternative.
>
> Judging from the bounty placed on this Firefox issue (currently
> exceeding 1000 USD), there appears to be a fairly strong community
> desire to see this feature implemented. Commenters on the issue are,
> however, worried about the (perceived lack of) priority afforded to this
> issue.
>
> Developers participating in the issue recommended we post questions
> about the prioritizing of this issue to the mozilla.dev.platform mailing
> list. My apologies if this is not the place to discuss this issue.
>
> --
>
> Is Fido U2F a technology that Mozilla can endorse and support?
>
> Could this technology be considered for inclusion in Firefox?
>
> --
>
> Some background on this technology for those who are unfamiliar with it:
>
> The full Fido U2F specifications are available for download here:
>
> https://fidoalliance.org/specifications/overview/
> https://fidoalliance.org/specifications/download/
>
> Specifically, the U2F overview may be interesting if you want a more
> in-depth architectural overview:
>
> https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-overview.html
>
> Google announced support for Fido U2F a year ago, in October 2014, and
> Chrome currently implements the Fido U2F standard:
>
> https://googleonlinesecurity.blogspot.nl/2014/10/strengthening-2-step-verification-with.html
>
> Microsoft is backing this standard as well:
>
> https://blogs.windows.com/business/2015/02/13/microsoft-announces-fido-support-coming-to-windows-10/
>
> Yubico is one of the driving forces behind the Fido specifications from
> the manufacturers side. They produce USB and NFC hardware tokens that
> can be used with open security standards such as OATH-HOTP and
> OATH-TOTP. Their recent line-up includes Fido U2F support as well:
>
> https://www.yubico.com/products/yubikey-hardware/
>
> Yubico on Fido U2F:
>
> https://www.yubico.com/applications/fido/
>
> Yubico is not the only manufacturer — other Fido-certified keys can be
> found on Amazon — but they do appear to have a leading edge.
>
> I am personally interested in Fido U2F from a professional standpoint.
> The possibility to provide affordable two-factor authentication either
> through USB, NFC, or BLE is appealing, and my employer is considering
> opting for this standard to secure the health care software services we
> provide — cross-browser support is, however, a requirement.
>
> I am not affiliated with the Fido alliance or its backers.
>
> --
> Kind regards,
>
> Jeroen Hoek
>
> Lable
> ✉ jeroen.h...@lable.nl
> GPG: 44D4 1D39 535A 1F9A 9509 92C5 A7A8 B913 D40D D022
>
> http://lable.nl — KvK № 55984037 — BTW № NL8519.32.411.B.01
>
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform

--
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871