Universal 2nd Factor (U2F) is an open authentication standard originally developed by Yubico and Google and now hosted by the FIDO Alliance. Security devices with U2F support allow you to use two-factor authentication more easily since they contain a secret key that provides a second factor only by pressing the device’s button. You don’t need to manage more credentials.
In this article, we compare the Yubico Security Key and Nitrokey FIDO U2F. Both tokens offer similar features and come with support for U2F.
Always stay in the loop!
Subscribe to our RSS/Atom feed.
The basic idea of U2F
Before we compare both tokens, we want to show the basic idea of U2F. If you aren’t interested in technical details, skip to the comparison.
There are two different processes: The registration process (when you register your token for a website), and the subsequent login process.
The registration process of U2F consists of the following steps:
- The web browser checks the identity of the website using its certificate. The validity of the certificate ensures that the domain name is trustworthy.
- The identity of the website (domain name) is sent to the token by the web browser.
- The user confirms the registration process by pressing the token’s physical button.
- The token generates a nonce.
- The token creates a hash value using HMAC derived from the website’s identity, the nonce and the secret key of the token.
- The token derives a unique secret key and the corresponding public key from the hash value.
- The token creates a second hash value (checksum) using HMAC derived from the unique secret key, the website’s identity and the secret key of the token.
- The token sends the second hash value (checksum), nonce and public key of the newly-generated unique private key to the web browser.
- The web browser sends this data to the website.
- The website stores key handle (nonce + checksum) and public key.
As you can see, the online service doesn’t learn or store any secret keys. Moreover, online services don’t learn about the secret key in your security token but get a unique public key. Therefore, online services can’t track your security token across different domains.
Subsequent U2F login attempts require verification consisting of the following steps:
- You start the login process by entering your credentials like your username and password on a website.
- The website generates a challenge.
- The website sends the challenge and key handle to the token via the web browser.
- The token calculates the same private key based on the old nonce (part of the key handle), its own secret key and the website’s identity.
- The token calculates the a checksum as before and compares it with the one provided by the server (part of the key handle).
- If everything is okay, the token cryptographically signs the challenge sent by the server using the unique private key for the server.
- The token sends its signed response to the web browser.
- The web browser sends the signed response to the website.
- The website verifies the signed response using the public key received during registration.
If you look for a more technical and detailed description, see Nitrokey’s detailed description of U2F.
Yubico Security Key and Nitrokey FIDO U2F in comparison
YubiKeys as well as Nitrokeys are supported by most common operating systems. You don’t have to install additional software to use U2F tokens except a web browser with U2F support. Nowadays, U2F is supported by most web browsers, however, it is already legacy technology superseded by the W3C WebAuthn API. WebAuthn is backward compatible with U2F.
Yubico Security Key
YubiKeys are produced by Yubico which was founded in 2007 and is based in the USA and Sweden. All current YubiKeys support U2F. The latest generation (5th generation) also introduced support for WebAuthn.
In April 2018, Yubico introduced the Security Key that is less expensive than other YubiKeys while only supporting U2F and WebAuthn. The physical design is identically equal to USB-A YubiKeys. Like other YubiKeys, it is shipped containing closed-source firmware.
The Yubico Security Key supports U2F and WebAuthn (included in FIDO2). There is also an NFC version of it.
The official Yubikey Manager can be used to reset all U2F secrets.
Nitrokey FIDO U2F
Nitrokeys are produced by Nitrokey UG which was founded in 2015 and is based in Germany. The people behind Nitrokey actually developed a predecessor, called Crypto Stick (2008–2010).
The Nitrokey FIDO U2F is based on the U2F Zero. The differences are another touch button, a smaller printed circuit board and bigger flash for the microcontroller unit.
In November 2018, Nitrokey UG released the Nitrokey FIDO U2F. It doesn’t support other technologies like OpenPGP. In contrast to YubiKeys, you must buy a Nitrokey FIDO U2F and another Nitrokey if you want to use more features (not only U2F or OpenPGP etc.). The physical design of the Nitrokey FIDO U2F is identically equal to the Nitrokey Pro. Like other Nitrokeys, it is shipped containing open-source firmware and open hardware.
In summary, its feature is solely U2F support. There is no support for WebAuthn at the moment. In 2019, Nitrokey published a new token that supports U2F and WebAuthn (see our article Yubico Security Key vs. Nitrokey FIDO2).
U2F tokens are based on public-key cryptography. Due to this, online services never learn or store any secrets. The secret key of the U2F token can’t be extracted, and cryptographic operations are performed by the token. To avoid unwanted operations by the token, users must press the device’s button to authorize a single operation. This is far more secure than using apps on mobile devices for two-factor authentication, and more convenient than entering a one-time password (like OATH-TOTP). Registering and logging in consists of pressing a button.
Moreover, web browsers check the identity of websites using their certificates and websites have to provide the correct key handle. This offers basic phishing protection, because wrong key handles result in wrong checksums. Therefore, further cryptographic operations are aborted.
Furthermore, a manipulated web browser or operating system can’t access the secret key of the token. They could only log successful login attempts but the challenge involved protects against replay attacks.
The design of U2F as written above comes with another benefit: Since servers must store key handle and public key, no data has to be written to the token. This means that a single U2F token can be used for an unlimited amount of accounts.
Finally, your token can’t be fingerprinted by a website since there is no unique property that is transmitted to the website.
Of course, there are some problems:
First of all, U2F requires a client with U2F support. As of today, most major web browsers support WebAuthn, which is backward compatible with U2F. However, if your web browser doesn’t support it, you can’t use your U2F token. The same is true for server-side support: Many websites don’t support U2F, but seemingly U2F/WebAuthn becomes more wide-spread.
Secondly, U2F tokens aren’t for free. The Yubico Security Key costs about €20, while the Nitrokey FIDO U2F costs €22. Given the fact that you can use them for an unlimited amount of accounts, the price is manageable.
Thirdly, if you lose your token, you lose access to your accounts. Some websites require you to also configure OATH-TOTP as a backup solution. More secure is a second U2F token as a backup token. Most websites should allow you to register multiple U2F tokens.
Fourthly, if someone steals your token, you lose access to your accounts and this person may access your accounts if other credentials are also known to him. The FIPS series of Yubico allows you to set a PIN for U2F.
Sometimes, U2F secrets are generated by the manufacturer of the security token, then stored on the device and can’t be replaced afterward. In theory, manufacturers could copy your secret U2F key during manufacturing.
Finally, most U2F tokens only come with an LED indicating that you should press its physical button. There is no display that shows the operation that you should authorize. This can be confusing.
The main difference is that the hardware/firmware of YubiKeys is closed source while Nitrokeys are based on open hardware/open-source software. Both producers argue convincingly that their philosophy is better. Both U2F tokens are almost identical in size (the YubiKey is half as thick). The tokens weigh 3 grams (Yubico Security Key) resp. 5 grams (Nitrokey FIDO U2F).
In 2019, we clearly recommend NOT to buy a Nitrokey FIDO U2F since its successor, the Nitrokey FIDO2, supports WebAuthn and U2F (see our article Yubico Security Key vs. Nitrokey FIDO2). It costs €29, €7 more than the predecessor.
Therefore, buy a Yubico Security Key or a Nitrokey FIDO2.
- Yubicoexternal link
- Nitrokeyexternal link
- Nitrokey FIDO U2F firmwareexternal link
- Nitrokey's detailed description of U2Fexternal link
- List of websites and their OTP/U2F supportexternal link
- Dec 22, 2019: Added information about Nitrokey FIDO2. See also “Yubico Security Key vs. Nitrokey FIDO2”. Rewrote the beginning to clarify the purpose of the section on the basic idea of U2F. Updated information regarding current U2F support by web browser. Updated recommendations based on the release of the Nitrokey FIDO2.