Also this though: > Security Key and Chrome incorporate the open Universal 2nd F... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		wlesieutre on Oct 21, 2014 \| parent \| context \| favorite \| on: Strengthening 2-Step Verification with Security Ke... Also this though: > Security Key and Chrome incorporate the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, so other websites with account login systems can get FIDO U2F working in Chrome today. It’s our hope that other browsers will add FIDO U2F support, too.

philip1209 on Oct 21, 2014 [–]

If you share the same FIDO U2F key between services, does that mean that one service could spoof tokens for a different service?

e.g. foo gets compromised, so attackers can generate codes for google apps.

ef4 on Oct 21, 2014 | [–]

No. There are no shared secrets. This is real asymmetric crypto.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact