FIDO (Fast Identity Online) authentication is a set of standards developed to enhance the security of online authentication processes by minimizing reliance on traditional passwords.
The FIDO Alliance, an industry consortium formed in 2012, leads the development of these standards. Their goal is to reduce the world’s dependency on passwords, which are often vulnerable to theft, reuse, and phishing attacks.
How FIDO Authentication Works
FIDO authentication leverages public key cryptography to provide a more secure and user-friendly authentication mechanism.
When a user registers with an online service, their device generates a pair of cryptographic keys: a private key, which remains securely stored on the device, and a public key, which is registered with the online service.
Authentication involves the device proving possession of the private key by signing a fresh challenge issued by the service. The service verifies that signature using the public key it stored at registration, so the private key itself is never transmitted and nothing reusable is disclosed to a phishing site. Check out: https://secfense.com/microauthorizations/.
Key Components
FIDO2 is the latest iteration of the FIDO standards and comprises two specifications: WebAuthn and CTAP (Client to Authenticator Protocol). WebAuthn enables web applications to use FIDO-based authentication through standard web APIs, while CTAP allows external authenticators, such as security keys, to communicate with the client device.
UAF (Universal Authentication Framework) is the passwordless protocol in which the user registers their device by creating a key pair. During login, the user performs a local authentication action (e.g., biometric recognition) that unlocks the private key stored on the device, which then signs the service's challenge.
U2F (Universal 2nd Factor) lets users add a second-factor authentication device, such as a security key, on top of an existing password login.