Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I was suprised that when signing in to my Goole account on my Android device with Chrome Beta, the Google Authenticator App pops up to do U2F with my YubiKey NEO via NFC. That was really seamless!

Does anybody know, if it would be possible to use this within a WebView in a native app?



I don't get it. The Google Authenticator pops up and you do U2F with that? Google Authenticator is a app for TOTP. What am I not understanding?


Apparently Google Authenticator supports OATH-TOTP which allows the yubikey to respond to challenges [0].

The yubikey page is light on details, but confirms that you can use a yubikey with Google Authenticator for U2F [1].

[0] http://binaryelysium.com/blog/2011/12/13/a-reluctant-relatio...

[1] https://www.yubico.com/applications/fido/


That is strange.

I use the 'Yubico Authenticator' (like Google Authenticator but you have to connect to the Yubikey via NFC for it to reveal your login codes) if I need OATH-TOTP, this has nothing to do with U2F.

However the docs in your second link does indicate that their is some new interoperation between Google Authenticator and U2F. It seams that they use Google Authenticator as a stopgap until browser support the system directly. Pretty strange. This in turn has nothing to do with U2F.

I can not test this stuff very well because I use a Yubikey NEO that is to old for the U2F NFC and a Yubikey 4 that has no NFC. I really hope release a Yubikey 4 with NFC soon.


I'm not sure -- I don't have an easy way to test. But if you do, https://u2fdemo.appspot.com/ is a great little demo app for finding out if u2f works.


I just tested exactly this with this sample app https://play.google.com/store/apps/details?id=com.webviewbro.... But it isn't working. I think the FIDO API is not implemented in the WebView right now.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: