Skip navigation

U2F and Biometrics

Leave the passcode behind with biometric sensors and USB security keys.

U2F

Created by the the FIDO (Fast IDentity Online) Alliance, Universal 2nd Factor (U2F) is a strong industry standard for two-factor authentication.

Once they’ve enrolled with Duo, users can quickly tap a physical USB device plugged into their device in order to log into their accounts securely. Known as a U2F authenticator, the device protects private keys with a tamper-proof component known as a secure element (SE). There are no special drivers required; all you need is a supported web browser, operating system and a U2F device, such as the YubiKey by Yubico.

WebAuthn

WebAuthn (Web Authentication API) is an open standard that allows third parties like Duo to tap into built-in biometric authenticators on laptops and smartphones. This means users can securely log into their accounts with the built-in TouchID fingerprint reader on MacOS laptops.

Created by the FIDO (Fast IDentity Online) Alliance and W3C, the WebAuthn is a specification that enables strong, public key cryptography registration and authentication. With WebAuthn, organizations can offer their users the most convenient authentication method available (their own fingerprint). It also guarantees user presence at the point of authentication and helps organizations future proof their investments in modern secure endpoints.

All that's needed to enable Webauthn is a supported web browser, operating system and a strong, built-in biometric authenticator like TouchID to enable a secure, phishproof two-factor authentication method. For legacy endpoints that don’t contain a built-in biometric sensor, USB-based security keys can bridge the gap.

Other Authentication Methods

There’s a solution for every situation.

Duo Push

Duo Push is our most commonly-used authentication method, thanks to its simplicity and reliability. Users just download the Duo Mobile app and are automatically prompted to confirm each login attempt — all it takes is a single tap.

Tokens and Passcodes

Duo allows users to confirm their identity using a secure passcode generated by a physical token, a mobile device, or a network administrator.

Cover of The Essential Guide to Securing Remote Access eBook

The Essential Guide to Securing Remote Access

With the convenience of remote access, users are at risk of threats like phishing, brute-force attacks and password-stealing malware. Read our guide to learn how security solutions like 2FA mitigate these attacks and protect your information from anywhere.

Get the Free Guide