How FIDO U2F Security Keys Work

Effective user authentication is a critical part of securing your data and infrastructure. Passwords are not enough any more, multi-factor auth is a must. This talk will dive into how FIDO U2F security keys work, why they are awesome, and how they defend against phishing attacks.

SMS codes and one-time-password apps are a great improvement over passwords alone, but the FIDO Alliance’s Universal Two Factor specification attempts to take it a step further. U2F provides a phishing resistant, hardware based second authentication factor.

Before you depend on a technology as a building block of security, it’s good to understand how it works, and why it’s a good fit for your needs. This talk will cover these things, so you don’t have to read the spec yourself.

An overview of the two-factor landscape

  • Why U2F is awesome
  • How it resists phishing attacks
  • How those security keys work inside



Jen Tong


Jen is a Security Advocate on Google Cloud Platform. In this role she helps developers and IT professionals stay out of trouble while getting the most out of cloud computing. Previously she worked in