How Intel Core chips and Lenovo PCs could take over two-factor authentication from your phone

Security News ThreatsCybercrime Uncategorized

Password manager Dashlane and PC maker Lenovo are among the first consumer-facing companies to take advantage of a little-known feature within Intel’s 8th-generation Core chips that could become much more popular: enabling two-factor authentication with just your PC, and not your phone.

What Intel calls Intel Online Connect (or, more generically, Universal Second Factor (U2F) authentication) lives within the 8th-generation Core architecture. Typically, two-factor authentication (2FA)—recommended for years as an additional security measure for email, online storage, and other data—required that a code be sent to your phone either via an app or SMS. Intel’s 8th-gen Core architecture and its associated software cuts out the need for a phone, simply requiring you to click a software “button” to authenticate the 2FA transaction.  

Intel’s Online Connect improves on a related technology Intel introduced in its 7th-generation Core chips, known as Software Guard Extensions, or SGX. SGX is essentially a protected area within the chip for storing encryption keys. But only two services announced support for SGX: Dropbox and Duo Security, which announced proofs-of-concept earlier this year.

Lenovo is the first PC maker to announce support for Intel Online Connect in both some of its older as well as its more recent PCs. On Tuesday, Lenovo announced Intel Online Connect support for the Yoga 920, IdeaPad 720S, ThinkPad X1 Tablet (2nd generation), ThinkPad X1 Carbon (5th generation), ThinkPad Yoga 370, ThinkPad T570, ThinkPad P51s, ThinkPad T470s, ThinkPad X270 and ThinkPad X270s. Intel Online Connect can be either downloaded from the web directly, or will be made available via Lenovo System Update and Lenovo App Explorer on all supported Lenovo devices, the company said.

Why this matters: Breaking into your PC is bad enough—that’s why there’s Windows Hello, user PINs, and Windows passwords. With web services accessible from just about anywhere, however, there’s a need for a second layer of security to differentiate you from the bad guys. Two-factor authentication helps secure those online transactions; U2F promises to make them less of a hassle.

android new years 2fa Ryan Whitwam

Traditionally, “two-factor authentication” assumes the use of a phone, though a dedicated USB key can also be used.

How U2F works within Intel’s Core chips

Once the 8th-generation Core chips ship, Dashlane will immediately be able to take advantage of the built-in technology and use U2F as an additional form of authentication, Allison Baker, the strategic partnerships manager for Dashlane, said. She confirmed that U2F will work with 8th-gen Core chips for consumers, and don’t require Intel’s vPro technology for businesses.

“You don’t need a phone or anything else,” besides a compatible Intel-based PC, Baker said.

The FIDO Alliance developed U2F as an open authentication standard, designed to help simplify two-factor authentication. For the purposes of registering with an online service like Dashlane, two “keys” are created: a public one, which is registered with the service itself, as well as a private one, which is stored within the Core chip on the client PC.

Tagged