In the latest April 2020 Update for Invicti Enterprise, we introduced Universal 2nd Factor Authentication.
Universal 2nd Factor Authentication (U2F) is one of the most secure authentication methods. U2F lets users access multiple services and platforms with one single key without any software or driver.
You can configure Universal 2nd Factor Authentication from the Two-factor Authentication window in Invicti Enterprise.
The Benefits of Universal 2nd Factor Authentication
One important benefit of using U2F authentication, in addition to protecting against known threats like SIM swapping, is the ability to block phishing attacks. Since U2F Authentication is bound to the origin, this means that only real websites can authenticate with the key. U2F devices generate different key-pairs for different origins. It prevents attackers from accessing the key-pair of the target website.
U2F also uses token binding, which secures the connection between the browser and the service to prevent man in the middle attacks. Token binding allows servers to create cryptographically bound tokens (such as cookies or OAuth tokens) to the TLS layer, to prevent attacks where an attacker exports a bearer token from the user’s machine to present to a web service in order to impersonate the user. This method is used by FIDO U2F keys to bind the FIDO authentication token to the user agent's TLS connection with the service.
The final, obvious advantage of U2F is that it is a physical device that uses the two-factor authentication method. So, it's impossible to login into the system without it.