Implementation of a Universal 2nd Factor software-only token. Supports Google Chrome on Linux. Written in Rust.
This program is basically complete, I am not currently planning to add new features like passwordless login the newer FIDO2 standard supports.
curl -s https://packagecloud.io/install/repositories/danstiner/softu2f/script.rpm.sh | sudo bash
sudo dnf install softu2f
systemctl --user start softu2f
sudo apt install -y curl
curl -s https://packagecloud.io/install/repositories/danstiner/softu2f/script.deb.sh | sudo bash
sudo apt install -y softu2f
systemctl --user start softu2f
After installing, use your new virtual U2F device on a site supporting it such as: https://demo.yubico.com/webauthn-technical/registration
Note on Ubuntu 16.04 LTS a reboot is required for changes from dbus-user-session to take effect.
Disclaimer: This is a personal project, I am not a security expert and make no guarantee of security.
Like any U2F authenticator this program provides a degree of protection against phishing and poorly chosen passwords. However it does not provide the same level of protection against malware that a hardware authenticator does. For some people the protection against phishing and convenience may be worth the security trade-off.
If your machine is compromised by malware, the attacker could steal a copy of the secret keys stored by this authenticator. In this situation you should immediately unregister this authenticator anywhere it is registered in addition to changing the passwords of any potentially compromised account. With a hardware authenticator secret keys never leave the device so in the case of malware you can simply unplug from the infected machine and be confident your accounts are safe from further compromise.
This project is licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.