Google FIDO2 Authenticator
1,010 views
Skip to first unread message
Ching Lin
Apr 8, 2021, 4:35:49 AM4/8/21
to FIDO Dev (fido-dev)
Dear FIDO,
Our USB Authenticator just got U2F certification.
We were wondering about the procedure enabling our authenticator to be operable on Google.
Vince
Arshad Noor
Apr 8, 2021, 7:59:22 AM4/8/21
to Ching Lin, FIDO Dev (fido-dev)
Hi Vince,
Just login into your Google account, go into your profile, and navigate
into the Security section where you will find the options to register a
Security Key. You should be able to test it out immediately.
You're also welcome to test your authenticator on any one of our demo
sites: https://psd2demo.strongkey.com or https://demo.strongkey.com. If
it works there, you can be assured that it will work with Google sites
(like Gmail, etc.).
Arshad Noor
StrongKey
> --
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/f16d3359-e703-4ac8-a01d-8d8a25395f05n%40fidoalliance.org
> <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/f16d3359-e703-4ac8-a01d-8d8a25395f05n%40fidoalliance.org?utm_medium=email&utm_source=footer>.
Just login into your Google account, go into your profile, and navigate
into the Security section where you will find the options to register a
Security Key. You should be able to test it out immediately.
You're also welcome to test your authenticator on any one of our demo
sites: https://psd2demo.strongkey.com or https://demo.strongkey.com. If
it works there, you can be assured that it will work with Google sites
(like Gmail, etc.).
Arshad Noor
StrongKey
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/f16d3359-e703-4ac8-a01d-8d8a25395f05n%40fidoalliance.org
> <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/f16d3359-e703-4ac8-a01d-8d8a25395f05n%40fidoalliance.org?utm_medium=email&utm_source=footer>.
Ching Lin
Apr 11, 2021, 9:53:07 PM4/11/21
to FIDO Dev (fido-dev), Arshad Noor, Ching Lin
Hi Arshad Noor,
I see. Do we need to ask Google to update their metadata base so that our USB U2F Key certificate may be added to their list?
Vince
Arshad Noor
Apr 12, 2021, 6:31:03 PM4/12/21
to Ching Lin, FIDO Dev (fido-dev)
No, you don't need to ask Google to do anything.
For a U2F Security Key, my recommendation is to not worry about metadata
statements, since the only companies (I know of) using U2F Security Keys
these days (Google, Facebook, Twitter, Github, Vanguard, GoDaddy,
Namecheap, login.gov) are all using it as a second-factor authentication
mechanism to thwart the most persevering attackers.
When you get to manufacturing a FIDO2 Security Key, you might be
interested in the MDS.
Note that with the new "Policy Module" in the open-source StrongKey FIDO
Server, RPs will have the ability to filter in/out specific AAGUIDs
without having to program anything in their web-app; so they will have a
degree of control over Security Keys anyway.
Hope that helps.
Arshad
On 4/11/21 6:53 PM, Ching Lin wrote:
> Hi Arshad Noor,
>
> I see. Do we need to ask Google to update their metadata base so that
> our USB U2F Key certificate may be added to their list?
>
>
> Vince
>
> On Thursday, April 8, 2021 at 7:59:22 PM UTC+8 Arshad Noor wrote:
>
> Hi Vince,
>
> Just login into your Google account, go into your profile, and navigate
> into the Security section where you will find the options to register a
> Security Key. You should be able to test it out immediately.
>
> You're also welcome to test your authenticator on any one of our demo
> sites: https://psd2demo.strongkey.com
> <https://psd2demo.strongkey.com> or https://demo.strongkey.com
> <https://demo.strongkey.com>. If
> <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/a2dd4467-8965-4ce3-b743-44faa0750511n%40fidoalliance.org?utm_medium=email&utm_source=footer>.
For a U2F Security Key, my recommendation is to not worry about metadata
statements, since the only companies (I know of) using U2F Security Keys
these days (Google, Facebook, Twitter, Github, Vanguard, GoDaddy,
Namecheap, login.gov) are all using it as a second-factor authentication
mechanism to thwart the most persevering attackers.
When you get to manufacturing a FIDO2 Security Key, you might be
interested in the MDS.
Note that with the new "Policy Module" in the open-source StrongKey FIDO
Server, RPs will have the ability to filter in/out specific AAGUIDs
without having to program anything in their web-app; so they will have a
degree of control over Security Keys anyway.
Hope that helps.
Arshad
On 4/11/21 6:53 PM, Ching Lin wrote:
> Hi Arshad Noor,
>
> I see. Do we need to ask Google to update their metadata base so that
> our USB U2F Key certificate may be added to their list?
>
>
> Vince
>
> On Thursday, April 8, 2021 at 7:59:22 PM UTC+8 Arshad Noor wrote:
>
> Hi Vince,
>
> Just login into your Google account, go into your profile, and navigate
> into the Security section where you will find the options to register a
> Security Key. You should be able to test it out immediately.
>
> You're also welcome to test your authenticator on any one of our demo
> sites: https://psd2demo.strongkey.com
> <https://demo.strongkey.com>. If
> it works there, you can be assured that it will work with Google sites
> (like Gmail, etc.).
>
> Arshad Noor
> StrongKey
>
> On 4/8/21 1:35 AM, Ching Lin wrote:
> > Dear FIDO,
> >
> > Our USB Authenticator just got U2F certification.
> > We were wondering about the procedure enabling our authenticator
> to be
> > operable on Google.
> >
> >
> > Vince
> >
> > --
> --
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/a2dd4467-8965-4ce3-b743-44faa0750511n%40fidoalliance.org
> (like Gmail, etc.).
>
> Arshad Noor
> StrongKey
>
> On 4/8/21 1:35 AM, Ching Lin wrote:
> > Dear FIDO,
> >
> > Our USB Authenticator just got U2F certification.
> > We were wondering about the procedure enabling our authenticator
> to be
> > operable on Google.
> >
> >
> > Vince
> >
> > --
> --
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/a2dd4467-8965-4ce3-b743-44faa0750511n%40fidoalliance.org?utm_medium=email&utm_source=footer>.
Ching Lin
Apr 13, 2021, 4:28:38 AM4/13/21
to FIDO Dev (fido-dev), Arshad Noor, Ching Lin
I see. Thank you so much for shedding light!
Reply all
Reply to author
Forward
0 new messages