Password manager Dashlane is one of the first consumer-facing companies to take advantage of a little-known feature within Intel’s 8th-generation Corechips that could become much more popular: enabling two-factor authentication with just your PC, and not your phone.
What’s known as Universal Second Factor (U2F) authentication lives within the 8th-generation Core architecture. Typically, two-factor authentication (2FA)—recommended for years as an additional security measure for email, online storage, and other data—requires that a code be sent to your phone either via an app or SMS. Intel’s 8th-gen Core architecture and its associated software cut out the need for a phone, simply requiring you to click a software “button” to authenticate the 2FA transaction.
Technically, U2F support isn’t new. Intel’s 7th-generation Core chips, known as Kaby Lake, were introduced with a technology known as Software Guard Extensions, or SGX. SGX is essentially a protected area within the chip for storing encryption keys. But only two services announced support for SGX: Dropbox and Duo Security, which announced proofs-of-concept earlier this year.
Once the 8th-generation Core chips ship, Dashlane will immediately be able to take advantage of the built-in technology and use U2F as an additional form of authentication, Allison Baker, the strategic partnerships manager for Dashlane, said. She confirmed that U2F will work with 8th-gen Core chips for consumers, and don’t require Intel’s vPro technology for businesses.
“You don’t need a phone or anything else,” besides a compatible Intel-based PC, Baker said.
Why this matters: Breaking into your PC is bad enough—that’s why there’s Windows Hello, user PINs, and Windows passwords. With web services accessible from just about anywhere, however, there’s a need for a second layer of security to differentiate you from the bad guys. Two-factor authentication helps secure those online transactions; U2F promises to make them less of a hassle.
How U2F works within Intel’s Core chips
The FIDO Alliance developed U2F as an open authentication standard, designed to help simplify two-factor authentication. For the purposes of registering with an online service like Dashlane, two “keys” are created: a public one, which is registered with the service itself, as well as a private one, which is stored within the Core chip on the client PC.
According to Dashlane’s Baker, the client’s private key signs an assertion that the service can verify as coming from the client PC. But the signature is only released after the user verifies his presence by clicking a button on the screen, displayed by Intel’s Online Connect middleware. Intel’s been busy working on PC security solutions for years; last year, Intel showed off its Authenticate technology, combining fingerprints, PIN, paired phones, and more.
According to a GIF Dashlane prepared to demonstrate the process, authenticating with Dashlane requires entering your password. Intel’s Online Connect will then find the security key. Sending it on its way requires clicking on a button that appears randomly within a separate window, within 15 seconds. That window uses what’s called Intel Protected Transaction Display technology, which actually generates the screen from within the Intel chip itself. The user sees the button; according to Intel, any man-in-the-middle attacker would merely see a blank, black box with no indication on where to click.
It appears, though, that U2F places more of an emphasis on the first line of security used to defend your PC: Windows Hello, a PIN, or a password. If an attacker were able to guess your PIN while you left your eighth-generation PC alone to buy a cup of coffee, they’d still need to know your Dashlane master password to log in. But with traditional two-factor, phone-based authentication, a service like Dashlane would also buzz your phone—which you might have in your pocket, alerting you that an attack was in progress.
In any event, though, services like Dashlane appear to be preparing to take advantage of the U2F capabilities built into Intel’s Core chips. Passwords used to be sufficient, but complex, hard-to-guess passwords can be a pain to use repeatedly. The challenge is to offer security without imposing too much of a burden on the user, and Intel and its partners appear to be zeroing in on quick, convenient security methods.