Fifth Domain: Eight months after the National Institute for Standards and Technologies urged government agencies to move from text messages to hardware solutions for two-step verification, the obvious alternative — cheap but secure “U2F” (universal second factor) USB keys — remains mostly absent from federal employee keychains.
That may be disappointing but shouldn’t be surprising. Although federal CIOs can push adoption of these cryptographically signed keys, they face the same obstacle as consumer platforms: limited browser support.
The first widespread federal U2F deployment launched in September at the Veterans Administration Vets.gov site. McLean, Va.-based ID.me added this option in a suite of two-step verification methods including one-time codes delivered to phones and generated by mobile apps.