3

I have a yubikey which supports only U2F. It doesn't support FIDO2. I read about U2F and i understand how it works.

  1. When i test my Yubikey for WebAuthn on https://webauthn.io it works. I wanted to know how WebAuthn works with my Yubikey when there is no support for FIDO2 on my yubikey?

  2. When they say FIDO2 is backward compatible with U2F, does it mean once register my key for FIDO2, it can be used for U2F as well?

  3. If register my key for U2F, can it be used for FIDO2?

Jack
  • 63
  • 5

1 Answers1

2
  1. Because WebAuthn is backwards compatible with U2F.
  2. Yes.
  3. Yes.

To your U2F key, a website using WebAuthn just looks like a website using U2F. There are certain WebAuthn features that can't be used with your U2F key (such as storing a userHandle), but for the most part the standards are very similar.

AndrolGenhald
  • 15,436
  • 5
  • 45
  • 50
  • Thanks for your response. For #1, if FIDO1 key supports webauthn is there any strong reason to move to FIDO2 key apart from unable to use userHandle ? Also apart from webauthn, does FIDO2 has any major feature? – Jack Sep 15 '19 at 05:57
  • For #1, when you say "webauthn is backward compatible with U2F" when i go to webauthn.io with my FIDO1 key is it just using U2F key for webauthn? Thanks in advance. – Jack Sep 15 '19 at 06:03
  • @Jack Yes, as far as the key can tell, it's actually just doing U2F. And no, there's no reason not to use a U2F key with WebAuthn. The WebAuthn standard is more extensive, allowing for different types of keys (such as being able to build a software key into a browser, using a software key on a phone, etc). – AndrolGenhald Sep 15 '19 at 09:43