9

In the context of low- and mid-security applications (i.e., 95% of the web), why isn't U2F good enough to be the only factor?

As far as I can tell, U2F very securely implements the "something you have" authentication factor. There are many web apps where one factor is good enough, but we still have all the issues of using passwords (reuse, remembering them, etc.). So why has nobody at all said anything about using U2F alone for authentication?

AstraLuma
  • The strength of U2F is to use it as a second factor. That way, if the "something you know" is compromised, the attacker still requires the "something you have". If you use the key instead of a password, the attacker only needs to acquire one factor. – Simon Oct 23 '15 at 01:10

3 Answers

6

Here's the issue with U2F as being the only method of authentication: there is no verification that you are the rightful owner of the U2F device just because you have it in your possession. If U2F was the only form of authentication for everything, that would be like having one master key for your car, house, safe, safety deposit box, office door/building, and everything else. In our metaphorical situation, if someone stole that master key from you, they would have access to almost everything in your life.

Now, you may view my metaphorical "master key" scenario as being the same as a password, but this is the reason why people are encouraged to use several different passwords. Using different passwords is like having several different keys. Rather than having one key that unlocks everything, it's better to have different keys. If only one key is stolen from you, the thief only has access to whatever that stolen key works for. (e.g., if a thief steals your car key, he/she can only access your car.) This is still an unpleasant situation, but it's far better than that thief gaining access to everything you own. Likewise, people are encouraged to use different passwords so if a "thief" obtained one of your passwords, he/she would only have access to a limited number of your accounts.

Using only U2F is essentially comparable to using only one password for every website and using only one key for everything in your life. It's neither reasonable nor secure. As such, U2F should only be used as a second form of authentication in a two-step authentication structure.

Spencer D
  • As I noted in the other answer, though, you still need the list of websites and usernames for that master key to be any good. – AstraLuma Apr 27 '16 at 10:05
3

If someone steals my U2F, they get unfettered access to every site that uses it as a single factor, until I manage to remember every site I've used it on and revoke it from all of them.

The level of effort to steal a U2F device out of my USB slot is orders of magnitude less than to steal the database for my password manager plus the password to unlock it. And if that is compromised, at least I can consult it for an authoritative list of the sites I need to rotate my passwords for.

Stephen Touset
  • Keyloggers/browser watchers/local malware are prevalent on the mass scale. In order for stealing my token to be useful, I have to be targeted (you have to have my key, know where to use it, and my unique identifier). You can't (metaphorically) walk up to a site and ask it who has this key. I would think that the value of a mass keylogger is much higher than an individual targeted theft, for random people. – AstraLuma Oct 22 '15 at 23:15
  • If there's malware on your computer, you're screwed anyway. Wait for you to log in via U2F, steal your session cookie, profit. – Stephen Touset Oct 22 '15 at 23:23
0

The main problem in using a U2F token as the only authentication mechanism is that the server has no way to identify the user. Therefore the server can't send the correct key handle and can't decide which public key to use for signature verification.

YuvalJ
  • "single factor" usually implies the use of a username, i.e. U2F would replace the password, but you'd still use a username. – AstraLuma Apr 27 '16 at 09:55
  • This is a non-issue. You can ask for the user name, then prompt for the actual credentials. – andyn Jan 17 '18 at 09:58
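To make the key-handle problem in this answer and the follow-up comments concrete, here is a simulated U2F registration and authentication flow. It is an added example written for this page, not code from any of the posters or from a real U2F library. Real U2F tokens return a per-registration ECDSA P-256 public key and sign the challenge with the matching private key; as a stand-in that runs with only the Python standard library, this model derives a per-registration key from a device secret, the app ID and the key handle, and uses an HMAC as the "signature" (an assumption, so the relying party's stored "public key" is really a verification key). The site names and usernames are constructed. The flow shows why the server needs a username before it can select a key handle, why the same assertion cannot be replayed (the signature counter), and why a key handle registered at one site is useless at another.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Registration:
    """What a relying party stores per (user, token) registration."""
    key_handle: bytes
    public_key: bytes   # verification key in this HMAC stand-in (assumption)
    counter: int = 0    # last signature counter seen, for replay/clone detection


class Token:
    """Simplified U2F token: one device secret, a per-registration derived key."""

    def __init__(self) -> None:
        self.device_secret = secrets.token_bytes(32)
        self.counter = 0

    def _key_for(self, app_id: str, key_handle: bytes) -> bytes:
        # Per-registration key: differs for every app ID and key handle.
        material = app_id.encode() + key_handle
        return hmac.new(self.device_secret, material, hashlib.sha256).digest()

    def register(self, app_id: str) -> tuple[bytes, bytes]:
        key_handle = secrets.token_bytes(16)
        return key_handle, self._key_for(app_id, key_handle)

    def authenticate(self, app_id: str, key_handle: bytes, challenge: bytes) -> tuple[int, bytes]:
        # A real token refuses handles it did not create for this app ID; here a
        # foreign handle simply yields a key the server cannot verify against.
        self.counter += 1
        signed = app_id.encode() + self.counter.to_bytes(4, "big") + challenge
        sig = hmac.new(self._key_for(app_id, key_handle), signed, hashlib.sha256).digest()
        return self.counter, sig


class RelyingParty:
    def __init__(self, app_id: str) -> None:
        self.app_id = app_id
        self.users: dict[str, Registration] = {}

    def register(self, username: str, token: Token) -> None:
        key_handle, public_key = token.register(self.app_id)
        self.users[username] = Registration(key_handle, public_key)

    def begin_auth(self, username: str) -> tuple[bytes, bytes]:
        """With a username the server knows which key handle and challenge to send."""
        reg = self.users[username]
        return reg.key_handle, secrets.token_bytes(32)

    def begin_auth_without_username(self) -> tuple[bytes, bytes]:
        """Without a username the server can only guess; with >1 user it cannot."""
        handles = [r.key_handle for r in self.users.values()]
        if len(handles) != 1:
            raise LookupError(f"{len(handles)} registrations, cannot choose a key handle")
        return handles[0], secrets.token_bytes(32)

    def finish_auth(self, username: str, challenge: bytes, counter: int, sig: bytes) -> bool:
        reg = self.users[username]
        signed = self.app_id.encode() + counter.to_bytes(4, "big") + challenge
        expected = hmac.new(reg.public_key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False
        if counter <= reg.counter:      # replayed assertion or cloned token
            return False
        reg.counter = counter
        return True


def demo() -> dict:
    """Run the four scenarios and return their outcomes (constructed data)."""
    alice_token, bob_token = Token(), Token()
    site_a = RelyingParty("https://site-a.example")
    site_b = RelyingParty("https://site-b.example")
    site_a.register("alice", alice_token)
    site_a.register("bob", bob_token)
    site_b.register("alice", alice_token)
    results = {}

    # 1. Username supplied: correct key handle chosen, assertion verifies.
    kh, chal = site_a.begin_auth("alice")
    ctr, sig = alice_token.authenticate(site_a.app_id, kh, chal)
    results["with_username"] = site_a.finish_auth("alice", chal, ctr, sig)

    # 2. No username: two registrations, the server cannot pick a key handle.
    try:
        site_a.begin_auth_without_username()
        results["without_username"] = "ok"
    except LookupError:
        results["without_username"] = "cannot choose key handle"

    # 3. Replaying the assertion from step 1 fails the counter check.
    results["replay"] = site_a.finish_auth("alice", chal, ctr, sig)

    # 4. Alice's site-A key handle does not verify at site B.
    _kh_b, chal_b = site_b.begin_auth("alice")
    ctr_b, sig_b = alice_token.authenticate(site_b.app_id, kh, chal_b)
    results["cross_site_handle"] = site_b.finish_auth("alice", chal_b, ctr_b, sig_b)
    return results


if __name__ == "__main__":
    print(demo())
```

The username is what lets the relying party map a login attempt to a stored key handle and public key; U2F itself carries no user identity, which is the gap the answer and the "you'd still use a username" comment are both pointing at.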