FIDO2 - A Passwordless Future
Highly secure authentication for physical access, logical access and multi-application
What is FIDO2?
The FIDO standard is an authentication standard developed and implemented by the FIDO Alliance, a consortium of leading technology companies, government agencies, financial institutions and organizations from other industries. The alliance has over 250 members, of which Microsoft, Google, Apple, Amazon, Mastercard, PayPal and Facebook are the most well-known names. Together with the W3C (World Wide Web Consortium), they are working towards a common goal: a world without passwords, but with secure authentication. FIDO2 is the latest standard from the FIDO Alliance and is already used on Windows 10 and 11, Android, macOS and in numerous browsers and web services such as Dropbox, Google and Amazon.
Advantages of FIDO2 Authentication
Maximum protection of privacy
Personal or biometric data never leaves the device in order to be authenticated at a remote station.
Smooth and convenient user experience
There is no need to memorize or store many different and complex passwords or to renew them regularly.
Highest safety standard
Cryptographic keys are used, with the option of additionally protecting the authenticator against use by third parties via 2FA (2-factor authentication).
Optimal integration
It is already compatible with Windows, Android, numerous browsers such as Google Chrome and Safari as well as website services such as Dropbox, Google and Amazon.
High flexibility
When choosing the right platform, many things are possible: USB tokens, Bluetooth or NFC devices, but also personalized smartcards that are also used for physical access solutions and as ID cards.
How does FIDO2 authentication work?
FIDO2 is designed to give users maximum security and privacy when logging in to devices, applications and web services, as well as when gaining physical access. At the same time, it eliminates the need for passwords or PINs, freeing users from the hassle of remembering complex passwords and closing security gaps caused by the theft of personal, login, or payment information through malware, phishing, and the like.
Instead of or in addition to a password, a digital cryptographic key is generated. This so-called private key is generated in an authenticator and transmitted by an active action of the owner, such as pressing or tapping a button. The authenticator can be an external device connected to the PC via USB, NFC or Bluetooth, such as a USB stick, RFID key fob or smartwatch. Alternatively, the smartphone or PC itself can use the internal crypto chip to generate the key using a suitable authentication application.
Additional security is provided by protecting the authenticator itself with two-factor authentication, which is optional and device-dependent. For example, a fingerprint, PIN or facial recognition is required to generate a key. This procedure is explicitly provided in FIDO2 and prevents the authenticator from being used by unauthorised third parties, for example in the event of theft.
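The flow described above can be modelled in a few lines. The following is an added example, not code from the FIDO Alliance or from this page, and it is a simplified model rather than the real WebAuthn/CTAP message format. It assumes that the private key stays inside the authenticator, that the website stores only the public key and checks a signature over a fresh challenge, and that the signature also covers the site identity. The class names, the site names and the PIN are constructed for illustration.

```javascript
// Added illustration: simplified model of the flow, not the WebAuthn/CTAP wire format.
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

class Authenticator {                       // hypothetical model of a token or crypto chip
  constructor(pin) { this.pin = pin; this.keys = new Map(); }  // pin: optional second factor
  // Registration: one key pair per site; only the public key is handed out.
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(rpId, privateKey);
    return publicKey.export({ type: "spki", format: "pem" });
  }
  // Login: needs the owner's gesture (and the PIN if one is set), then signs the
  // challenge together with a hash of the site identity.
  sign(rpId, challenge, { touched = false, pin } = {}) {
    if (!touched) throw new Error("user presence required");
    if (this.pin !== undefined && pin !== this.pin) throw new Error("user verification failed");
    const key = this.keys.get(rpId);
    if (!key) throw new Error("no credential for " + rpId);
    return crypto.sign("sha256", Buffer.concat([sha256(rpId), challenge]), key);
  }
}

class RelyingParty {                        // hypothetical model of the website or service
  constructor(rpId) { this.rpId = rpId; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, pem) { this.publicKeys.set(user, pem); }
  newChallenge(user) { const c = crypto.randomBytes(32); this.pending.set(user, c); return c; }
  verify(user, signature) {
    const challenge = this.pending.get(user), pem = this.publicKeys.get(user);
    this.pending.delete(user);              // each challenge is single-use
    if (!challenge || !pem) return false;
    return crypto.verify("sha256", Buffer.concat([sha256(this.rpId), challenge]), pem, signature);
  }
}

function demo() {
  const site = new RelyingParty("login.example.test");   // constructed names and PIN
  const token = new Authenticator("4711");
  site.enroll("alice", token.register(site.rpId));
  const attempt = (fn) => { try { return fn(); } catch (e) { return e.message; } };
  const sig = token.sign(site.rpId, site.newChallenge("alice"), { touched: true, pin: "4711" });
  return {
    login: site.verify("alice", sig),                                  // fresh challenge, valid
    replay: (site.newChallenge("alice"), site.verify("alice", sig)),   // old signature, new challenge
    lookalike: attempt(() => token.sign("login.examp1e.test", crypto.randomBytes(32), { touched: true, pin: "4711" })),
    stolen: attempt(() => token.sign(site.rpId, site.newChallenge("alice"), { touched: true })),
  };
}
```

Calling demo() shows the normal login succeeding, while a replayed signature, a request from a lookalike site name and use of the token without the PIN are all refused.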