What is FIDO?
An open industry standard for securely authenticating users, FIDO (Fast IDentity Online) provides passwordless authentication alternatives for a more secure and private authentication method. FIDO uses authentication methods such as biometrics such as fingerprint scans, facial recognition, voice recognition and iris scans, OTPs (One-Time Passwords) and many more. The authentication methods are enabled through specific devices such as security keys, fingerprint scanners and mobile devices.
FIDO protocols aim to replace traditional password-based authentication with a more secure and simpler method of authentication for people to use and companies to manage.
FIDO Alliance members are those organisations focused on developing and implementing FIDO protocols for authentication. These include numerous large-scale technology companies, financial institutions as well as government agencies.
How does FIDO authentication work?
FIDO protocol uses standard public key cryptography methods to authenticate users. Designed to protect users’ privacy and security, FIDO uses private keys and biometrics that never leave the user’s device.
a. While registering a user:
- When a new user is registering with an online service, the user chooses an available authenticator, according to the online services’ policy.
- The user then uses a fingerprint, a second-factor device, a secure PIN or another method to unlock the FIDO authenticator.
- The user’s device creates a new public/private key unique to the user’s device, online service and account.
- The public key is sent to the online service, associated with the user’s account. The private key remains on the user’s device, which is then used for logging in.
b. While logging in a user:
- While logging in, the online service asks the user to use the previously registered device.
- The user unlocks the FIDO authenticator, similar to the one done during registration.
- The device uses the online service’s key to identify the user and sign the service’s challenge, which generally includes fingerprint, entering a PIN or pressing a button on the user’s device.
- The user’s device sends the signed challenge back to the online service, which verifies against the public key and lets the user log in.
What is FIDO2 Authentication?
FIDO2 is the next version of FIDO, which lets users authenticate themselves using common devices on both mobile and website. It allows users to use a security key or a built-in authenticator in smartphones for authentication.
FIDO2 uses the W3C’s Web Authentication (WebAuthn) standard and the Client-to-Authenticator Protocol (CTAP) for passwordless identity verification. Using a combination of cryptography and traditional authentication, FIDO2 is highly secure and user-friendly.
What are the benefits of FIDO authentication?
FIDO authentication provides numerous benefits over traditional authentication methods, which include;
- Greater security: FIDO uses public-key cryptography for secure authentication, without requiring a password. The biometric data used to authenticate never leaves the user’s devices and therefore prevents unauthorized access to private information.
- Passwordless authentication: FIDO lets users authenticate themselves using biometrics (facial features, fingerprints or voice) or a physical security key. This eliminates the need for users to remember multiple passwords, enhancing their experience while keeping their data secure.
- Flexibility: Users can use a physical security key or device with a built-in authenticator, such as a smartphone to authenticate themselves. This makes FIDO authentication very simple to use, even when users don’t have access to a specific device.
- Compatibility: FIDO is an open and free authentication standard, which means that it can be used by any website or application. Along with this, FIDO authentication works seamlessly across all platforms, making it easy for users to use the same secure method of authentication across devices and websites.
How does uqudo’s FIDO authentication work?
The steps involved in uqudo’s FIDO authentication are;
- The user first chooses a FIDO authenticator to register on the platform.
- The user then unlocks the FIDO authenticator using a fingerprint, PIN or a second device.
- The user’s device creates a public/private key, that is unique to the user’s device and account.
- The public key is stored on the server to associate with the user’s account and the private key never leaves the user’s device.