Skip navigation

U2F and Biometrics

Leave the passcode behind with biometric sensors and USB security keys.


Created by the FIDO (Fast IDentity Online) Alliance, Universal 2nd Factor (U2F) is a strong industry standard for two-factor authentication.

Once they’ve enrolled with Duo, users can quickly tap a physical USB device plugged into their device in order to log into their accounts securely. Known as a U2F authenticator, the device protects private keys with a tamper-proof component known as a secure element (SE). There are no special drivers required; all you need is a supported web browser, operating system and a U2F device, such as the YubiKey by Yubico.


WebAuthn (Web Authentication API) is an open standard that allows third parties like Duo to tap into built-in biometric authenticators on laptops and smartphones. This means users can securely log into their accounts with the built-in TouchID fingerprint reader on MacOS laptops.

Created by the FIDO (Fast IDentity Online) Alliance and W3C, the WebAuthn is a specification that enables strong, public key cryptography registration and authentication. With WebAuthn, organizations can offer their users the most convenient authentication method available (their own fingerprint). It also guarantees user presence at the point of authentication and helps organizations future proof their investments in modern secure endpoints.

All that's needed to enable Webauthn is a supported web browser, operating system and a strong, built-in biometric authenticator like TouchID to enable a secure, phishproof two-factor authentication method. For legacy endpoints that don’t contain a built-in biometric sensor, USB-based security keys can bridge the gap.

Other Multi-Factor Authentication Methods

There’s a solution for every situation.

Duo Push

Duo Push is our most commonly-used authentication method, thanks to its simplicity and reliability. Users just download the Duo Mobile app and are automatically prompted to confirm each login attempt — all it takes is a single tap.

Tokens and Passcodes

Duo allows users to confirm their identity using a secure passcode generated by a physical token, a mobile device, or a network administrator.

Cover of Passwordless: The Future of Authentication eBook

Passwordless: The Future of Authentication

Tech and security analysts predict enterprises will shift to passwordless authentication for their users to enable modern digital transformation. In this white paper, we discuss the passwordless future and the path toward passwordless authentication.

Get the Free Guide