It sounds wonderful in theory, but in practice the state of the art in OTP dongles leaves much to be desired. I got a Nitrokey. I followed the instructions on the web site. It didn't work. I contacted the company. No response. I am now the proud owner of a very expensive but slightly undersized domino.
It's not really about the money. The cost of a Nitrokey is not going to send me to the poorhouse. And I'm still hoping I can get it to work. But I thought I should put out my experience as a PSA data point.
I love U2F and wish more websites supported it. I bought two nano YubiKeys (they fit almost completely inside a USB port, just sticking out enough to touch the capacitive edge or dig out with a fingernail). I keep one in my laptop and one on my keychain (the keychain one also has NFC which, someday, should let me authenticate my phone).
Chrome's U2F support has worked flawlessly for me — when a website wants to register or check the token, an LED starts flashing and you touch the edge of the token to give it permission to respond. That's it — no more digging for my phone to get codes.
This looks like the same folks at https://twofactorauth.org/
I was surprised for a moment to see my company (directnic.com) on there when we hadn't submitted, but then realized it's a very similar design/layout.
I always have issues using U2F at my college. I'm not sure if it's some crazy configuration the IT department did or just Windows is shitty, but it never works. Minimal problems on my own machine running Linux, but 2FA needs to work everywhere.
Being a .info site, it's surprising this site has zero information on /why/ USB dongle authentication is important to have. The tweets it helps you make just say "it's important" and link to this website.
With external software providing the clock, you can use TOTP. I use https://github.com/zeteticllc/onetime on my Mac with a YubiKey for TOTP apps that don't yet support U2F.