Yubico is warning organizations about a Chrome update that could limit the utility of their security keys. The warning specifically concerns Chrome’s U2F API, which will be deactivated with the release of Chrome v. 98 later in the month.
At its core, the U2F authentication protocol concerns the use of security keys (like Yubico’s various YubiKeys) for secure multi-factor authentication. The Chrome U2F API, on the other hand, is a programming tool that allows organizations to integrate those keys into their own custom workflows on Chrome platforms.
With Chrome v. 98, Google is getting rid of the programming API, but will still be supporting the broader U2F protocol. In that regard, it will be replacing the Chrome API with the newer WebAuthn API, which offers support for major web browsers like Safari and Edge in addition to Chrome. As a result, the move should increase the utility of any security keys that organizations have handed out to their employees.
The catch is that those organizations will need to make sure they migrate from the Chrome API to the more advanced WebAuthn successor to guarantee consistent service. Those that fail to make the switch may find that they can no longer use their security keys for authentication, and will likely encounter other errors depending on their setup.
Yubico, meanwhile, is simply trying to help organizations with that transition. The company noted that WebAuthn was built to be backwards compatible with the Chrome API, and explained how organizations can update their code to call the WebAuthn API navigator instead of the Chrome U2F API register during an authentication event.
Organizations that need more time to make the switch can enroll in a U2F deprecation trial to delay their deadline until July. Enterprises that have activated U2fSecurityKeyApiEnabled can also take advantage of extended U2F service. Yubico has provided open source WebAuthn documentation for everyone else, and is planning to cover the topic in more detail during a webinar on February 22.
Follow Us