FIDO (Fast Identity Online) is a set of open, standardized authentication protocols developed by the FIDO Alliance, a nonprofit organization that seeks to standardize authentication at the client and protocol levels. The aim is to replace passwords, which are an ineffective and outdated security control. The FIDO protocols use standard public key cryptography to protect user authentication: the service only ever holds a public key, and the private key never leaves the user’s device and is never transmitted, so there is nothing for an attacker to intercept in transit. Where biometrics are used, they serve only to unlock the key locally; the biometric data itself stays on the user’s device, which makes the authentication both stronger and more private.
The FIDO Alliance focuses on creating authentication standards that “help reduce the world’s over-reliance on passwords.” The central idea is to authenticate users with a cryptographic key unlocked by a local gesture, such as a biometric, rather than with a password. To that end the FIDO Alliance develops technical specifications that define open standards for authentication mechanisms that interoperate with one another.
Because FIDO is an open standard, it is intended for a wide range of uses. In short, the specifications are public and can be freely adopted, implemented, and built upon.
Open standards are also widely accepted by the developer community, since they are managed by a group of stakeholders who ensure that the quality and interoperability of the standard are maintained.
The FIDO Alliance has published three sets of specifications, all of which are based on public key cryptography:
- Universal Authentication Framework (UAF) lets online service providers offer users a passwordless sign-in experience, with multi-factor sign-in available where additional security is required.
- Universal Second Factor (U2F) requires users to provide two pieces of evidence to verify their identity: something they know, such as a username and password, and something they have, such as a registered key fob or USB device. Known as U2F authentication tokens or security keys, these devices can use USB, NFC (Near Field Communication), or Bluetooth to complete the authentication process.
- FIDO2 is based on two open standards: the FIDO Client to Authenticator Protocol (CTAP) and the W3C WebAuthn standard. Together they provide users with a passwordless authentication experience, or two-factor and multi-factor authentication when additional protection is required. These experiences cover platform authenticators built into the device (unlocked with biometrics or a PIN) as well as roaming authenticators such as key fobs and USB devices.
The specifications included in FIDO2 are:
- WebAuthn defines a standard Web API, implemented by browsers and platforms, for creating and using public key credentials. The browser relays WebAuthn requests to CTAP1 and CTAP2 authenticators.
- CTAP1 is the new name for the FIDO U2F protocol. It provides two-factor authentication: the user plugs the security key into the computer, or taps it against an NFC reader, to access the online service.
- CTAP2 allows the authenticator to serve as both the first and the second factor, so users get either passwordless authentication or two-factor and multi-factor authentication.
How FIDO Works
The FIDO protocols use standard public key cryptography to offer stronger authentication. During registration with an online service, the user’s client device generates a fresh key pair: it registers the public key with the service and keeps the private key. To authenticate, the client device signs a challenge issued by the service, which demonstrates that it possesses the private key. The private key can be used only after the user unlocks it locally on the device, with a simple and safe gesture such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second-factor device, or pressing a button.
The FIDO protocols are designed from the outset to protect user privacy. They do not expose any information that different online services could combine to track a person across services: a separate key pair is generated for each service, so one service cannot recognize a credential issued for another. If biometric data is used, it never leaves the user’s device.
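As an added example (not code from the FIDO Alliance or from this article), the Go program below models the registration and challenge-signing exchange described above, and the per-service key separation behind the privacy claim, using the standard library's ECDSA on P-256. The authenticator mints a fresh key pair for each relying party at registration and hands over only the public half; each login is a signature over a fresh challenge together with the hash of the RP ID and the origin the browser saw; the relying party's Verify rejects an assertion produced on another origin, a stale challenge, or a credential it does not know, and the device refuses to register or sign until the local unlock gesture has succeeded. The byte layout is a simplification of WebAuthn's authenticatorData and clientDataJSON (the "|"-joined client data string, the 33-byte authenticator data and the hex credential IDs are this example's own conventions, not the specification's encoding), and all names, including example.com and evil.example, are assumed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// RelyingParty is the server side. It stores public keys only and never sees a private key.
type RelyingParty struct {
	RPID, Origin string                      // e.g. "example.com" and "https://example.com" (assumed names)
	Creds        map[string]*ecdsa.PublicKey // credential ID -> public key
}

// Authenticator is the user's device. Keys are indexed by "rpID/credID" and never leave this struct.
type Authenticator struct {
	keys     map[string]*ecdsa.PrivateKey
	Unlocked bool // outcome of the local gesture: PIN, fingerprint, button press
}

// Assertion is the authenticator's signed answer to a login challenge.
type Assertion struct {
	CredID   string
	AuthData []byte // SHA-256(rpID) || flags; 0x01 is the "user present" flag
	Origin   string // origin the client saw; the RP needs it to rebuild what was signed
	Sig      []byte // ECDSA P-256 signature
}

func NewRelyingParty(rpID, origin string) *RelyingParty { return &RelyingParty{RPID: rpID, Origin: origin, Creds: map[string]*ecdsa.PublicKey{}} }
func NewAuthenticator() *Authenticator { return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}} }

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG is fatal for an authenticator
	}
	return b
}

func (rp *RelyingParty) Challenge() []byte { return randBytes(32) } // fresh nonce, one per login attempt

// toBeSigned is the digest both sides compute: SHA-256(authData || SHA-256(clientData)).
func toBeSigned(authData, challenge []byte, origin string) [32]byte {
	cdh := sha256.Sum256([]byte("webauthn.get|" + hex.EncodeToString(challenge) + "|" + origin))
	return sha256.Sum256(append(append([]byte{}, authData...), cdh[:]...))
}

// Register mints a key pair for rpID and hands back only the public half.
func (a *Authenticator) Register(rpID string) (string, *ecdsa.PublicKey, error) {
	if !a.Unlocked {
		return "", nil, errors.New("user verification required")
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	credID := hex.EncodeToString(randBytes(16))
	a.keys[rpID+"/"+credID] = priv
	return credID, &priv.PublicKey, nil
}

// Sign answers a challenge with the key registered for (rpID, credID); it refuses while locked.
func (a *Authenticator) Sign(rpID, credID string, challenge []byte, origin string) (*Assertion, error) {
	priv, ok := a.keys[rpID+"/"+credID]
	switch {
	case !a.Unlocked:
		return nil, errors.New("user verification required")
	case !ok:
		return nil, errors.New("no credential for this relying party")
	}
	rpIDHash := sha256.Sum256([]byte(rpID))
	ad := append(rpIDHash[:], 0x01)
	digest := toBeSigned(ad, challenge, origin)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return &Assertion{CredID: credID, AuthData: ad, Origin: origin, Sig: sig}, nil
}

// Verify is the relying party's side: expected origin and RP ID, user present, known key, valid signature.
func (rp *RelyingParty) Verify(as *Assertion, challenge []byte) error {
	pub, ok := rp.Creds[as.CredID]
	want := sha256.Sum256([]byte(rp.RPID))
	digest := toBeSigned(as.AuthData, challenge, as.Origin)
	switch {
	case as.Origin != rp.Origin:
		return errors.New("origin mismatch: assertion was produced for another site")
	case len(as.AuthData) != 33 || string(as.AuthData[:32]) != string(want[:]) || as.AuthData[32]&0x01 == 0:
		return errors.New("authenticator data is not for this RP or user was not present")
	case !ok || !ecdsa.VerifyASN1(pub, digest[:], as.Sig):
		return errors.New("unknown credential, wrong key, stale challenge or tampered data")
	}
	return nil
}
```

Two details carry the security argument. The origin is both checked explicitly and included in the signed digest: if a phishing page obtained an assertion, the declared origin would not match, and if the attacker rewrote the declared origin to the real one, the signature would no longer verify. And because each registration mints its own key under a different credential ID, two relying parties holding public keys from the same device have nothing in common to correlate. In a real browser the WebAuthn client, not the authenticator, fills in the origin and refuses to request credentials scoped to another site's RP ID; Verify is the relying party's backstop for that.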