GitHub has released an interesting piece of Mac software called Soft

It's basically a virtual security key, and it stores its secret in the
macOS keyring. When you login to a website with 2FA, instead of using a
physical USB security key, you just click an "approve" button that pops up.

Their blog about it says: "Authenticators are normally USB devices that
communicate over the HID protocol. By emulating a HID device, Soft U2F
is able to communicate with your U2F-enabled browser, and by extension,
any websites implementing U2F."

As it stands, U2F is a pain in Qubes because you have to deal with USB
passthrough, and exposing your VMs to sys-usb.

How hard would it be to build a Qubes version of Soft U2F that stores
the secret in a separate VM, similar to split gpg? This could make using
U2F much more usable and secure inside of Qubes, I think.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to