Fast Identity Online (FIDO) is an all-encompassing term typically used to refer to the FIDO Alliance or FIDO authentication standards. The FIDO Alliance is a non-profit organization that develops and promotes authentication standards to “help reduce the world’s over-reliance on passwords.”
FIDO authenticationWhat is Authentication? Authentication is the process by which the identity of a user or system is verified. It ensures that the entity attempting to access a resource is who… is a set of open security standards based on public key cryptography, outlining user authentication mechanisms that, if implemented, would eliminate the need for passwords. The overarching principle of FIDO authentication is to store Personally Identifiable Information (PII)What is Personally Identifiable Information (PII)? Personally Identifiable Information (PII) is data that can be used to distinguish an individual’s identity. These can include identifiers that pinpoint the person exactly,… locally on a user’s device, thus removing the inherent risk of storing data on external servers, such as the cloud.
There are four fundamental types of FIDO authentication:
There are two separate components of FIDO authentication you should be aware of:
Passkeys, or multi-device FIDO credentials, aim to replace the traditional password. When a user signs up for a new application or service, it provides them with a passkey stored on the user’s device. When they want to log in to the application or service, the user completes their device and primary authentication method – a fingerprint scanner, for example – to use the passkey and log into their account. Passkeys are a roaming authenticator, meaning users can leverage them across multiple devices, while the device itself is a platform authenticator.
FIDO security keys are small devices – such as a USB or smart card – that allow for secure access to applications or websites. When a user signs up with a new application or website, they present the security key to generate a new key pair. The security key shares the public key with the application, but the private key remains hidden. When the user logs in for the first time, the application will offer a challenge that, if matched by the calculated value of their security key, allows them to log in. Security keys are a form of roaming authenticator, but the device they interact with are platform authenticators.
FIDO is the future of authentication. The persistent threat of phishingWhat is Phishing? Phishing is a type of cyberattack in which attackers send fraudulent communications, or direct people to counterfeit websites in order to trick those individuals into revealing sensitive… scams and usability issues inherent in traditional password practices makes FIDO authentication an attractive option for organizations looking to protect themselves from identity-based cyber-attacks. While the general consumer needs to be educated further on FIDO authentication, it’s clear that it’s already a viable replacement for the traditional password.
For more essential cybersecurity definitions, check out our other blogs below: