U2F device is an Authenticator
, specifically, a FIDO Authenticator
that supports the Universal Second Factor FIDO protocol
U2F device, technically, is only supported for Multi-Factor Authentication (MFA) and not Passwordless Authentication as in CTAP2 and WebAuthN
U2F device interface types#
At the moment (2017-04-02) three interface types are specified in FIDO U2F
Unlocking is a test of user
and requires a token-specific Authorization Gesture
, such as pushing a button on a USB
device, tapping a U2F
device to an NFC
-enabled device such as a mobile phone or tablet, or pressing a button on a BLE
-enabled token or fob.
The user can use the same FIDO U2F device on all online services that support the U2F device protocol.
Existing FIDO U2F
Security Keys are largely compatible with the Web Authentication API
standard, though Web Authentication API
added the ability to reference a unique per-account "user handle" identifier, which older hardware tokens are unable to store.
that only support the §8.6 FIDO U2F
Attestation Statement Format have no mechanism
to store a user handle, so the returned userHandle will always be null.
There might be more information for this subject on one of the following: