Hacker News new | ask | show | jobs
by dark_ph0enix 3006 days ago
No mention of u2f. Is it because it's already available on the build (via about:config) or because they are not focusing on it at all this year?
3 comments
Manishearth 3006 days ago
The problem is that there's a buggy u2f library out in the wild distributed by Google that depends on Chrome-specific impl details. This means that while the pref works for sites like Github, it doesn't work for Duo or Google logins or anything that uses u2f.js. Sometimes it doesn't work to the extent that these sites break in other ways. There's nothing that Firefox can do about this; aside from waiting for it to be fixed.

Ultimately the thing that is going to be shipped is probably webauthn.

link
dochtman 3006 days ago
I think it is effectively part of/superseded by Web Authentication, which is mentioned and links to:

https://groups.google.com/forum/#!msg/mozilla.dev.platform/t...

First sentence in that thread is "Web Authentication is backward compatible with FIDO U2F second-factor tokens, and also supports more advanced capabilities in future FIDO 2.0 devices."

link
dark_ph0enix 3006 days ago
Yup, just came to edit my comment after reading the Web Authentication bit, guess will leave it if anyone has the same question.
link
Shoothe 3006 days ago
Yes, WebAuthentication will supersede U2F and it's backward compatible (meaning you can use your Yubikeys, but the API is different).
link
dark_ph0enix 3006 days ago
Uhmm while not on the roadmap, according to their wiki[1] they are still working on it.

[1]https://wiki.mozilla.org/Security/CryptoEngineering

link