Password manager Dashlane is one of the first consumer-facing companies to take advantage of a little-known feature within Intel’s 8th-generation Core chips that could become much more popular: enabling two-factor authentication with just your PC, and not your phone.
What’s known as Universal Second Factor (U2F) authentication lives within the 8th-generation Core architecture. Typically, two-factor authentication (2FA)—recommended for years as an additional security measure for email, online storage, and other data—requires that a code be sent to your phone either via an app or SMS. Intel’s 8th-gen Core architecture and its associated software cut out the need for a phone, simply requiring you to click a software “button” to authenticate the 2FA transaction.
Technically, U2F support isn’t new. Intel’s 7th-generation Core chips, known as Kaby Lake, were introduced with a technology known as Software Guard Extensions, or SGX. SGX is essentially a protected area within the chip for storing encryption keys. But only two services announced support for SGX: Dropbox and Duo Security, which announced proofs-of-concept earlier this year.
Once the 8th-generation Core chips ship, Dashlane will immediately be able to take advantage of the built-in technology and use U2F as an additional form of authentication, Allison Baker, the strategic partnerships manager for Dashlane, said. She confirmed that U2F will work with 8th-gen Core chips for consumers, and don’t require Intel’s vPro technology for businesses.
“You don’t need a phone or anything else,” besides a compatible Intel-based PC, Baker said.
Why this matters: Breaking into your PC is bad enough—that’s why there’s Windows Hello, user PINs, and Windows passwords. With web services accessible from just about anywhere, however, there’s a need for a second layer of security to differentiate you from the bad guys. Two-factor authentication helps secure those online transactions; U2F promises to make them less of a hassle.
Traditionally, “two-factor authentication” assumes the use of a phone, though a dedicated USB key can also be used.
How U2F works within Intel’s Core chips
The FIDO Alliance developed U2F as an open authentication standard, designed to help simplify two-factor authentication. For the purposes of registering with an online service like Dashlane, two “keys” are created: a public one, which is registered with the service itself, as well as a private one, which is stored within the Core chip on the client PC.
According to Dashlane’s Baker, the client’s private key signs an assertion that the service can verify as coming from the client PC. But the signature is only released after the user verifies his presence by clicking a button on the screen, displayed by Intel’s Online Connect middleware. Intel’s been busy working on PC security solutions for years; last year, Intel showed off its Authenticate technology, combining fingerprints, PIN, paired phones, and more.
Sign up for Computerworld eNewsletters.