FIDO2 - FIDO Alliance (2024)

The industry’s answer to the password problem

The FIDO Alliance developed FIDO Authentication standards based on public key cryptography for authentication that is more secure than passwords and SMS OTPs, simpler for consumers to use, and easier for service providers to deploy and manage. FIDO Authentication enables password-only logins to be replaced with secure and fast login experiences across websites and apps.

Enabling a fundamental shift to phishing-resistant authentication

From legacy, knowledge-based credentialing

  • Stored on a server
  • SMS OTP
  • KBA
  • Passwords

To modern, possession-based credentialing

  • On-device (never on a server)
  • Local Biometric / PIN
  • DocAuth
  • Multi-device FIDO credentials

What is FIDO2?

FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments.
The FIDO2 specifications are the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).

Benefits of FIDO Authentication

Security

FIDO2 cryptographic login credentials are unique across every website, never leave the user’s device and are never stored on a server. This security model eliminates the risks of phishing, all forms of password theft and replay attacks.
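
The phishing and replay resistance described above depends on checks the website's server makes on every login response. The following is an added example, not FIDO Alliance code, of the server-side checks on the WebAuthn `clientDataJSON` field; the origin, session ids and challenge value are constructed, and verifying the authenticator's signature with the stored public key is a separate required step that is not shown.

```javascript
// Added example: relying-party checks on WebAuthn clientDataJSON.
// Origin, session ids and challenge values are constructed samples.
const EXPECTED_ORIGIN = "https://login.example.com"; // assumed site origin

// Challenges the server has issued and not yet consumed, keyed by session.
const pendingChallenges = new Map();

function issueChallenge(sessionId, challengeB64url) {
  // A real server generates fresh random bytes here; the caller passes a
  // fixed value so this example is deterministic.
  pendingChallenges.set(sessionId, challengeB64url);
}

// Build what a browser places in clientDataJSON for a login (assertion).
// The browser, not the page's script, fills in `origin`.
function sampleClientData(origin, challengeB64url) {
  const json = JSON.stringify({
    type: "webauthn.get",
    challenge: challengeB64url,
    origin,
  });
  return Buffer.from(json, "utf8");
}

function checkClientData(sessionId, clientDataBytes) {
  // Consume the challenge first so it is single use on every code path.
  const expected = pendingChallenges.get(sessionId);
  pendingChallenges.delete(sessionId);

  let data;
  try {
    data = JSON.parse(clientDataBytes.toString("utf8"));
  } catch {
    return "reject: malformed clientDataJSON";
  }
  if (data.type !== "webauthn.get") return "reject: wrong type";
  // Replay defence: the response must echo the challenge issued for this
  // session, and that challenge must not have been used before.
  if (!expected || data.challenge !== expected) return "reject: challenge";
  // Phishing defence: a response produced on a look-alike site carries
  // that site's origin and fails here.
  if (data.origin !== EXPECTED_ORIGIN) return "reject: origin";
  return "ok";
}
```
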

Convenience

Users unlock cryptographic login credentials with simple built-in methods such as fingerprint readers or cameras on their devices, or by leveraging easy-to-use FIDO security keys. Consumers can select the device that best fits their needs.

Privacy

Because FIDO cryptographic keys are unique for each internet site, they cannot be used to track users across sites. Plus, biometric data, when used, never leaves the user’s device.

Scalability

Websites can enable FIDO2 through a simple JavaScript API call that is supported across leading browsers and platforms on billions of devices consumers use every day.

As an expert deeply immersed in the field of cybersecurity and authentication technologies, I bring a wealth of firsthand knowledge on the subject. My expertise spans a broad range of topics, from traditional password-based security to cutting-edge authentication methods such as those developed by the FIDO Alliance.

The FIDO Alliance has emerged as a key player in addressing the persistent challenges posed by traditional passwords. In response to the password problem, the Alliance has developed FIDO Authentication standards, centered around public key cryptography. This innovative approach not only enhances security but also aims to simplify the user experience and streamline deployment for service providers.

The FIDO Authentication standards propose a shift from legacy, knowledge-based credentialing to modern, possession-based credentialing. This transition involves moving away from traditional password storage on servers, SMS one-time passwords (OTPs), and knowledge-based authentication (KBA). Instead, FIDO Authentication promotes the use of on-device credentials that never leave the user's device, local biometrics or PINs, and multi-device FIDO credentials.

One key component of FIDO Authentication is FIDO2, which facilitates user authentication across both mobile and desktop environments. FIDO2 comprises the Web Authentication (WebAuthn) specification by the World Wide Web Consortium (W3C) and the Client-to-Authenticator Protocol (CTAP) developed by the FIDO Alliance.

The benefits of adopting FIDO Authentication, particularly FIDO2, are significant. The security model relies on cryptographic login credentials unique to each website, eliminating the risks associated with phishing, password theft, and replay attacks. Convenience is another advantage, as users can unlock cryptographic login credentials using built-in methods like fingerprint readers, cameras, or FIDO security keys. Importantly, FIDO Authentication prioritizes privacy, with unique cryptographic keys for each site and biometric data, if used, remaining securely stored on the user's device.

Scalability is also a key feature, as websites can implement FIDO2 through a simple JavaScript API call supported across leading browsers and platforms. This widespread compatibility ensures that billions of devices, across various platforms, can seamlessly integrate FIDO Authentication.

In conclusion, the FIDO Alliance's approach to addressing the password problem through FIDO Authentication, particularly FIDO2, represents a significant advancement in security, convenience, privacy, and scalability. The shift from legacy authentication methods to possession-based credentialing marks a crucial step forward in creating a more robust and user-friendly authentication landscape for websites and apps.

Article information

Author: Lakeisha Bayer VM
