This blip is not on the current edition of the Radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the RadarUnderstand more
Published: Jan 28, 2015
Last Updated: May 05, 2015
May 2015

Securing online accounts is at the same time extremely important and notoriously difficult. Two-factor authentication does greatly increase security and we have recommended TOTP as a good solution. A new entrant in this field is Universal 2nd Factor (U2F), a solution based on public key cryptography and inexpensive USB hardware tokens. While developed at Google, it has now become a standard managed by the FIDO Alliance. We do like the promise of better protection against phishing and man-in-the-middle attacks, but are concerned because the standard currently references a specific elliptic curve digital signature algorithm that is considered to be flawed.

Jan 2015