I recently got a U2F Zero, a tiny (about 2 inches long) and cheap (about 8 dollars) device implementing the FIDO Universal Second Factor protocol. It’s open source, too, which is awesome.
I primarily use Firefox. Unfortunately, Firefox doesn’t support U2F out of the box; you have to enable security.webauth.u2f in about:config.
Once enabled, I tried to register it with GitHub. Unfortunately, it kept on failing, despite the little green light on the U2F Zero going blue.
Eventually, I discovered that one security measure - Linux isolating Firefox from my USB devices - was getting in the way of this new one. I added the contents of this file to /etc/udev/rules.d/10-u2f.rules and ran sudo udevadm control --reload to reload the rules, and it worked!
The process is as follows:
- Log into a website that supports U2F
- Enable second factor with some 2FA app, like Google Authenticator
- Find the interface to register a U2F device
- Plug in U2F Zero
- When light is green, press the only button on the device
The light turns blue and, if all goes well, the device will be registered. Now, instead of pulling out your phone and entering a code, just whack in the U2F Zero and hit the button when you log in.
Works like a charm, and the bare matte-black PCB means you can keep your hacker aesthetic going, or 3D print a case to your liking.