FIDO U2F tokens Web Browsers compatibilty

Question

I\'m trying to integrate U2F Authentication in GWT project and I need to know if is this solution compatible with all new web browsers (Firefox

Answer 1

It isn't specifically true that browsers can't add compatibility via extensions as per Michael's post, the issue isn't that it's secure because the browser "directly communicates" - USB can be sniffed so U2F isn't secure in that sense, which is precisely why it has defences against replay attacks.

The issue relates to browsers not generally having support internally to directly talk to USB devices - or more usefully for extensions to do that (but that would throw up other unrelated security concerns). It's perfectly plausible for a piece of software to act as an intermediary for an extension and pass on authentication events to a FIDO device; I've investigated the possibility and it absolutely would work without harming the security of U2F itself - native browser support would be preferable though.