#U2F

Pablo Álvarez Corredera

@cibered.com

10 months ago

Cómo el Factor universal de Segundo Nivel (U2F) mejora la Seguridad en Línea - CIBERNINJAS Las contraseñas han sido durante mucho tiempo la base de la seguridad en línea, pero sus vulnerabilidades son evidentes, desde errores humanos hasta ataques

🔐 El Factor Universal de Segundo Nivel (U2F) refuerza la autenticación y seguridad en línea #U2F #SeguridadEnLínea #Autenticación #CiberSeguridad #ProtecciónDeDatos #AutenticaciónDosFactores #CiberProtección

ciberninjas.com/como-el-fact...

Firefox

@firefox.activitypub.awakari.com.ap.brid.gy

1 year ago

Add WebUSB Support To Firefox With a Special USB Device The WebUSB standard is certainly controversial. Many consider it a security risk, and, to date, only Chromium-based browsers support it. But there is a workaround that is, ironically, supposed to …read more

Add WebUSB Support To Firefox With a Special USB Device The WebUSB standard is certainly controve...

hackaday.com/2025/03/15/add-webusb-su...

#computer #hacks #Security #Hacks #firefox #U2F #WebUSB

Event Attributes

Firefox

@firefox.activitypub.awakari.com.ap.brid.gy

1 year ago

Add WebUSB Support To Firefox With A Special USB Device RP2040-based Pico board acting as U2F dongle with Firefox. (Credit: ArcaneNibble, GitHub) The WebUSB standard is certainly controversial. Many consider it a security risk, and, to date, only Chromium-based browsers support it. But there is a workaround that is, ironically, supposed to increase security. The adjacent Universal 2nd Factor (U2F) standard also adds (limited) USB support to browsers. Sure, this is meant solely to support U2F USB dongles for two-factor authentication purposes, but as [ArcaneNibble] demonstrates using U2F-compatible firmware on a Raspberry Pi RP2040, by hijacking the U2F payload, this API can be used to provide WebUSB-like functionality. The provided demo involves flashing an RP2040 (e.g., Pico board) with the `u2f-hax.u2f` firmware and loading the `index.html` page from localhost or a similar secure context. After this, the buttons on the browser page can be used to toggle an LED on the Pico board on or off. You can also read an input back from the RP2040. This feat is made possible by the opaque nature of the U2F key handle, which means that anything can be put in this blob. This makes it a snap to pass data from the U2F dongle to the host. For the inverse, things get a bit trickier. Here the ECDSA signature is manipulated inside the ASN.1 that is returned to the dongle. Since Firefox performs no signature validation (and Chrome only does a range check), this works. The MCU also auto-confirms user presence by having the key handle start with `oxfeedface`, so the device works without user interaction. However, you do seem to get an annoying popup that immediately goes away. Of course, this only works if you create a special USB device for this purpose. That means your normal USB devices are still secure. While we know it could be a security risk, you can do some cool things with WebUSB. We’ve seen a few projects that use it.

Add WebUSB Support To Firefox With a Special USB Device The WebUSB standard is certainly controve...

hackaday.com/2025/03/15/add-webusb-su...

#computer #hacks #Security #Hacks #firefox #U2F #WebUSB

Event Attributes

Firefox

@firefox.activitypub.awakari.com.ap.brid.gy

1 year ago

Add WebUSB Support To Firefox With A Special USB Device RP2040-based Pico board acting as U2F dongle with Firefox. (Credit: ArcaneNibble, GitHub) The WebUSB standard is certainly controversial. Many consider it a security risk, and, to date, only Chromium-based browsers support it. But there is a workaround that is, ironically, supposed to increase security. The adjacent Universal 2nd Factor (U2F) standard also adds (limited) USB support to browsers. Sure, this is meant solely to support U2F USB dongles for two-factor authentication purposes, but as [ArcaneNibble] demonstrates using U2F-compatible firmware on a Raspberry Pi RP2040, by hijacking the U2F payload, this API can be used to provide WebUSB-like functionality. The provided demo involves flashing an RP2040 (e.g., Pico board) with the `u2f-hax.u2f` firmware and loading the `index.html` page from localhost or a similar secure context. After this, the buttons on the browser page can be used to toggle an LED on the Pico board on or off. You can also read an input back from the RP2040. This feat is made possible by the opaque nature of the U2F key handle, which means that anything can be put in this blob. This makes it a snap to pass data from the U2F dongle to the host. For the inverse, things get a bit trickier. Here the ECDSA signature is manipulated inside the ASN.1 that is returned to the dongle. Since Firefox performs no signature validation (and Chrome only does a range check), this works. The MCU also auto-confirms user presence by having the key handle start with `oxfeedface`, so the device works without user interaction. However, you do seem to get an annoying popup that immediately goes away. Of course, this only works if you create a special USB device for this purpose. That means your normal USB devices are still secure. While we know it could be a security risk, you can do some cool things with WebUSB. We’ve seen a few projects that use it.

Add WebUSB Support To Firefox With a Special USB Device The WebUSB standard is certainly controve...

hackaday.com/2025/03/15/add-webusb-su...

#computer #hacks #Security #Hacks #firefox #U2F #WebUSB

Event Attributes

Firefox

@firefox.activitypub.awakari.com.ap.brid.gy

1 year ago

Add WebUSB Support To Firefox With A Special USB Device RP2040-based Pico board acting as U2F dongle with Firefox. (Credit: ArcaneNibble, GitHub) The WebUSB standard is certainly controversial. Many consider it a security risk, and, to date, only Chromium-based browsers support it. But there is a workaround that is, ironically, supposed to increase security. The adjacent Universal 2nd Factor (U2F) standard also adds (limited) USB support to browsers. Sure, this is meant solely to support U2F USB dongles for two-factor authentication purposes, but as [ArcaneNibble] demonstrates using U2F-compatible firmware on a Raspberry Pi RP2040, by hijacking the U2F payload, this API can be used to provide WebUSB-like functionality. The provided demo involves flashing an RP2040 (e.g., Pico board) with the `u2f-hax.u2f` firmware and loading the `index.html` page from localhost or a similar secure context. After this, the buttons on the browser page can be used to toggle an LED on the Pico board on or off. You can also read an input back from the RP2040. This feat is made possible by the opaque nature of the U2F key handle, which means that anything can be put in this blob. This makes it a snap to pass data from the U2F dongle to the host. For the inverse, things get a bit trickier. Here the ECDSA signature is manipulated inside the ASN.1 that is returned to the dongle. Since Firefox performs no signature validation (and Chrome only does a range check), this works. The MCU also auto-confirms user presence by having the key handle start with `oxfeedface`, so the device works without user interaction. However, you do seem to get an annoying popup that immediately goes away. Of course, this only works if you create a special USB device for this purpose. That means your normal USB devices are still secure. While we know it could be a security risk, you can do some cool things with WebUSB. We’ve seen a few projects that use it.

Add WebUSB Support To Firefox With a Special USB Device The WebUSB standard is certainly controve...

hackaday.com/2025/03/15/add-webusb-su...

#computer #hacks #Security #Hacks #firefox #U2F #WebUSB

Event Attributes

niu tech

@niutech.fosstodon.org.ap.brid.gy

1 year ago

Waveshare RP2350-One passkey

Waveshare RP2350-One passkey

I am making a dirt cheap
@yubico Security Key alternative - a #passkey with #FIDO / #U2F / #FIDO2 / #WebAuthn support using $5 Waveshare #RP2350-One and Pico Keys: https://picokeys.com

Auric Crypto News

@auriccrypto.com

1 year ago

The Ultimate Way to Protect Your Online Accounts from Hackers USB security keys - like YubiKey, Google Titan, or Nitrokey - offer an extra layer of protection that makes hacking virtually impossible. They act as a

Imagine waking up to find your email, social media, or crypto account hacked. Your money and private data - gone in seconds.

There’s an easy way to stop this from ever happening - a simple USB security key.

auriccrypto.com/articles/gui...

#Cybersecurity #Crypto #Hacking #Security #U2F #Passwords

Itek.pl

@itekpl.bsky.social

1 year ago

Czym są klucze U2F i jak działają?
 Klucze U2F (Universal 2nd Factor) to sprzętowe narzędzia uwierzytelniania dwuskładnikowego (2FA), które oferują jedną z najbezpieczniejszych metod ochrony dostępu do kont internetowych oraz zasobów cyfrowych. #U2F
itek.pl/?p=22540

Tuta

@tuta.com

2 years ago

Tuta officially supports all major U2F security keys and authenticator apps to keep your private email account even more secure.

What is your preferred method of #2factorauthentication ? 🔑📱

Let us know in the comments! 📣

Tuta offers full support for #U2F & #TOTP to keep your account secure! 🔒
👉 tuta.com/blog/posts/w...

CNX Software

@cnx-software.com

6 years ago

USB connector-sized secure key for #FIDO2 and #U2F support for Google/Twitter/Github... two-factor authentication, and passwordless Microsoft accounts. #security

cnx-software.com/2019/08/09/som…

Grégory PAUL

@paulgreg.bsky.social

11 years ago

Hey, Google uses Yubikey for 2nd factor authentification https://support.google.com/accounts/answer/6103523 https://www.yubico.com/products/yubikey-hardware/ Never heard of #FIDO / #U2F before