Teleport 15 Unveiled: Elevating Access and Security Across Infrastructure
Feb 21
Virtual
Register Today
Teleport logoTry For Free
Learn > Infrastructure Access 101 > Authentication

What is FIDO (Fast IDentity Online)?

Posted 6th Feb 2023 by Travis Rodgers

FIDO, or Fast IDentity Online, is a group of open standard authentication protocols created to strengthen and simplify the security of online authentication by reducing the reliance on passwords. These protocols make use of public key cryptography, where private keys never leave a user’s device and public keys serve to validate specific endpoints. These protocols provide a unified way for users to securely log into online services using an assortment of devices such as mobile phones, laptops, and tablets.

What is the FIDO Alliance?

The FIDO Alliance is the association overseeing these authentication standards and serves to educate with certification programs, memberships, and member-driven working groups. Founded in July of 2012 by PayPal, Lenovo, etc. and publicly launched in 2013, the alliance has since added names such as Google, Yubico, Apple, and NXP, and continues to evolve with its core component, WebAuthn, being named an official web standard with support for major browsers and smartphones.

FIDO specifications

There are currently three sets of specifications for simple and strong user authentication. The first generation of FIDO consisted of U2F and UAF, and has now evolved into FIDO2.

FIDO U2F

FIDO U2F (Universal 2nd Factor) is a universal authentication standard that provides an additional layer of security for traditional password-based online accounts. Think of this as adding something you have (a physical security key) with something you know (a password). After authenticating with a password, a challenge is then sent to a physical device, a security key plugged into a USB port, prompting the user to tap. The user taps the key and the authentication process completes. With the emergence of FIDO2, U2F is now called CTAP1.

FIDO UAF

FIDO UAF (Universal Authentication Framework) offers users a passwordless experience. With UAF, the user will register a UAF-enabled device (i.e. smartphone) with an online service and register a local authentication method such as fingerprint, facial recognition, or by speaking into the mic. After registration, the user simply needs to repeat this action to authenticate without having to enter a password.

FIDO2

FIDO2 is the second, and latest, generation of FIDO, combining the features of U2F and UAF into a more modern, global standardization. There are two main parts to FIDO2:

  1. A Web Authentication API, better known as WebAuthn, that allows web applications to implement FIDO authenticators.
  2. CTAP2 which is the same as U2F, but now allows mobile devices as external authenticators.

With these FIDO open standard authentication protocols, we can eliminate the need for complex passwords and the bad practices that associate with them. Instead, users can access their online accounts with a combination of biometric data such as fingerprints, facial recognition or via security keys that can be plugged into a USB port or used wirelessly.

As the threats of data breaches increase, protocols like FIDO compliance, adopted by big companies in tech, will prove more and more to be the way forward in protecting the sensitive information of online users.