Universal 2nd Factor Authentication

With the April 2020 Update for Invicti Enterprise, we added support for Universal 2nd Factor Authentication, so you can now use any compliant U2F device. This provides you with a defense against phishing attacks, strong security, and heightened privacy.

Universal 2nd Factor Authentication

In the latest April 2020 Update for Invicti Enterprise, we introduced Universal 2nd Factor Authentication.

Universal 2nd Factor Authentication (U2F) is one of the most secure authentication methods. U2F lets users access multiple services and platforms with one single key without any software or driver. 

You can configure Universal 2nd Factor Authentication from the Two-factor Authentication window in Invicti Enterprise.

Universal 2nd Factor Authentication

The Benefits of Universal 2nd Factor Authentication

One important benefit of using U2F authentication, in addition to protecting against known threats like SIM swapping, is the ability to block phishing attacks. Since U2F Authentication is bound to the origin, this means that only real websites can authenticate with the key. U2F devices generate different key-pairs for different origins. It prevents attackers from accessing the key-pair of the target website. 

U2F also uses token binding, which secures the connection between the browser and the service to prevent man in the middle attacks. Token binding allows servers to create cryptographically bound tokens (such as cookies or OAuth tokens) to the TLS layer, to prevent attacks where an attacker exports a bearer token from the user’s machine to present to a web service in order to impersonate the user. This method is used by FIDO U2F keys to bind the FIDO authentication token to the user agent's TLS connection with the service.

The final, obvious advantage of U2F is that it is a physical device that uses the two-factor authentication method. So, it's impossible to login into the system without it.

For further information on other features in this release, see Two-Factor Authentication and April 2020 Update for Invicti Enterprise.