Fast Identity Online (FIDO) is an all-encompassing term typically used to refer to the FIDO Alliance or FIDO authentication standards. The FIDO Alliance is a non-profit organization that develops and promotes authentication standards to “help reduce the world’s over-reliance on passwords.”
FIDO authentication is a set of open security standards based on public key cryptography, outlining user authentication mechanisms that, if implemented, would eliminate the need for passwords. The overarching principle of FIDO authentication is to store Personally Identifiable Information (PII) locally on a user’s device, thus removing the inherent risk of storing data on external servers, such as the cloud.
There are four fundamental types of FIDO authentication:
There are two separate components of FIDO authentication you should be aware of:
Passkeys, or multi-device FIDO credentials, aim to replace the traditional password. When a user signs up for a new application or service, it provides them with a passkey stored on the user’s device. When they want to log in to the application or service, the user completes their device and primary authentication method – a fingerprint scanner, for example – to use the passkey and log into their account. Passkeys are a roaming authenticator, meaning users can leverage them across multiple devices, while the device itself is a platform authenticator.
FIDO security keys are small devices – such as a USB or smart card – that allow for secure access to applications or websites. When a user signs up with a new application or website, they present the security key to generate a new key pair. The security key shares the public key with the application, but the private key remains hidden. When the user logs in for the first time, the application will offer a challenge that, if matched by the calculated value of their security key, allows them to log in. Security keys are a form of roaming authenticator, but the device they interact with are platform authenticators.
FIDO is the future of authentication. The persistent threat of What is Phishing? Phishing is a type of cyberattack in which attackers send fraudulent communications, or direct people to counterfeit websites in order to trick those individuals into revealing sensitive… More scams and usability issues inherent in traditional password practices makes FIDO authentication an attractive option for organizations looking to protect themselves from identity-based cyber-attacks. While the general consumer needs to be educated further on FIDO authentication, it’s clear that it’s already a viable replacement for the traditional password.
For more essential cybersecurity definitions, check out our other blogs below: