+1
Under review
Michel Meyers 2 weeks ago • updated by 5b895086 2 days ago 5

Please support FIDO U2F tokens as second factor for two-factor authentication, ideally as an additional option to TOTP/Google Authenticator so that users can chose to use the latter if the former isn't accessible. (e.g. on mobile, where USB-only U2F tokens can't be used)

A library you could use can be found here:

https://github.com/Yubico/php-u2flib-server

Not necessarily. Yubico makes U2F compliant keys, but also has their own authentication methods (like the Yubico OTP implementation proposed in the linked feature request). FIDO U2F is an open standard backed by the FIDO alliance (https://fidoalliance.org/participate/members/) and thus other manufacturers also make U2F keys. (See Amazon for an example selection: https://www.amazon.fr/s/ref=nb_sb_noss?__mk_fr_FR=%C3%85M%C3%85%C5%BD%C3%95%C3%91&url=search-alias%3Daps&field-keywords=u2f)


I do believe most Yubico keys support U2F (at least if this table can be believed https://www.yubico.com/products/yubikey-hardware/ ) as they are a big proponent of the standard (which is probably also why they wrote the linked PHP library for it).

I think I could take benefice of this page => https://developers.yubico.com/U2F/


It provides php classes for U2F. Seems to be generic.

Yes. The PHP library linked from there should be the same one I linked to in the original post. (That github repo also includes examples.)

Yubicos YubiKeys do offer U2F. However it requires one of the following tokens YubiKey 4, YubiKey 4 nano, YubiKey 4C, YubiKey NEO or FIDO U2F Security Key. Any other YubiKey does not provide U2F. All YubiKeys (except for the FIDO U2F) provide static passwords, OTP, OATH – HOTP (Event), OATH – TOTP (Time).
I'm currently using a YubiKey with a static password in combination with my memorized passphrase. Strictly that is no real 2 factor authentication, but provides a nice and long password with a very good entropy. It is an easy way to strengthen security without modifying the source code ;)

BR

Andy