ID.me debuts 'unphishable' security keys
12 September 2017 16:18 GMT

Digital ID firm ID.me has announced the ability to use FIDO U2F (Universal Second Factor) Security Keys as an extra layer of authentication for its identity proofing services. 

Security Keys, such as the YubiKey, are being introduced as an additional form of two-factor authentication for those seeking extra protection. 

ID.me provides identity proofing services for three different federal agencies and this will be first roll out of FIDO U2F for 2-factor authentication for government agencies in the US.

The option will be presented to users alongside existing two-factor authentication choices, such as a code sent by text message, and a call to a landline.

According to Verizon's 2017 Data Breach Investigations Report, 81% of breaches involve weak or stolen passwords. Blake Hall, ID.me CEO, explains why this new authentication method offers better protection for digital identity.

"Thieves can guess or steal passwords from a database and they can spoof biometrics," Hall says. "A physical FIDO U2F Security Key is 'un-phishable' -- it must be physically stolen from you, to compromise your account. To provide more robust and easy to use security to all customers, it's essential to support FIDO U2F based standards and the adoption of security keys."

To register, users insert the security key into a USB port, enter a password and tap the device when prompted. This will generate a cryptographic code that binds the physical token to their identity, proving that it is not someone pretending to be them. For future login, users follow the same simple process.

Stina Ehrensvard, CEO of Yubico, the leading maker of FIDO U2F Security Keys, explains, "We are thrilled to see ID.me help protect the first US government service with FIDO U2F security keys. Today US citizens can use the same security key, such as the YubiKey, to login securely to leading internet services, including Google and Facebook, and now on federal sites where ID.me is used for identity proofing. It's a great milestone for open internet security standards, and an important step towards a more secure internet for everyone."

This launch supports FIDO Alliance U2F authentication standards - designed to reduce the reliance on passwords, increase account security against common threats and improve the user-experience for identity proofing. The FIDO Alliance currently consists of over 250 industry members and partners dedicated to developing new standards for stronger online identity authentication.