FIDO is an open standard authentication technology which enables highly secure, passwordless and phishing resistant multi-factor authentication for users. From its conception in 2009, FIDO has been an open standard protocol, developed by an alliance of major technology leaders for use across different technologies, devices and operating systems. FIDO is now widely supported by the Chrome, Windows, FireFox, iOS, MacOs, and Android systems.
FIDO2 (also referred to as WebAuthn) uses standard public key cryptography protocols to bypass the need for a password. When a user registers with an online service, the FIDO2 supported device creates a new key pair. The trusted device stores this private key locally, while the public key is registered to the online service.
When the user logs into the online service, the local device issues an authentication challenge, such as asking for the device password, a biometric check, or a hardware token. When the challenge is passed, the private key can be matched with the public key, and the user can access their accounts or services.
Replacing passwords with FIDO-supported authentication profoundly improves security. It reduces the risk of account compromise by enforcing phishing resistant two-factor authentication, removing the risk of weak passwords, and supporting the use of biometrics which make it extremely difficult for attackers to compromise your accounts.
As FIDO is open standard, a range of identity and technology applications and devices have emerged which support FIDO authentication standards and integrations. Some are linked to specific operating systems and devices – such as Apple Passkeys and Windows Hello – while others are designed for enterprise use cases, such as Yubico’s Yubikey and Cisco’s Duo. Some of these platforms also support secure single sign-on (SSO). In this guide we’ll take a look at the top 11 FIDO supported authentication solutions, comparing features, pricing, and more.
FIDO: Everything You Need To Know (FAQs)
What Is FIDO?
FIDO (Fast Identity Online) is a set of open-source industry standards that enforce strong, passwordless authentication for digital accounts. These standards were developed by the FIDO Alliance, a consortium of technology leaders, including Google, Microsoft, Apple, and many others. This alliance’s aim was to create a set of standards, compatible with all devices and technologies, that reduced reliance on passwords, whilst improving account security. This has led to faster, more secure login processes becoming more common. Passwords can be replaced by secure, FIDO-enabled hardware keys, or biometric checks such as TouchID and FaceID.
What Is FIDO2?
FIDO2 is used for the most recent set of specifications released by the FIDO consortium. They are based around the W3Cs’ WebAuthn specification (a global standard for secure authentication, widely supported by browsers and devices) and the FIDO Alliance’s own Client-To-Authenticator Protocol.
FIDO2 is focused around making passwordless experiences easy for developers to build into applications and services via an API. This enables developers to build authentication workflows using FIDO2 supported technologies – such as Apple Passkeys – into apps and services. This will, in turn, enable more users to have access to technologies that use the FIDO protocol, increasing its uptake and securing more users.
How Does FIDO Work?
For FIDO to work, the user must have a FIDO authentication method, such as a smartphone with FIDO supporting biometrics (Android, iOS) or a hardware key, such as a YubiKey. These are solutions listed in the article above.
Assuming the user has a FIDO-enabled device, the process is as follows:
- The user registers with an online service, which creates a new key pair, one stored locally (private) the other stored by the service (public).
- When the user logs into the service, they must pass an authentication check, such as a biometric scan or inserting a hardware token to verify their identity.
- If the check is successful, the private key is matched with the public key and the user is authenticated.
What Are The Benefits Of FIDO?
There are a huge number of benefits to using FIDO over the traditional username/password login process, both for user convenience, and for improving security:
- Streamlined authentication: With FIDO, the login process is smooth and straightforward. Users no longer need to create and manage passwords, while public keys can be synced across FIDO-enabled devices.
- Stronger credentials: Passwords are often weak, easy-to-guess, and reused by users across multiple accounts. This makes them incredibly vulnerable. Private keys, on the other hand, cannot be reused and are always strong.
- Cannot be breached: As private keys are only stored on local devices, they cannot be breached in server leaks, and are, therefore, more protected from hackers.
- Cannot be phished: Similarly, passwords are at risk from social engineering, phishing, and MFA bypass attacks.
- Wide support: FIDO has achieved wide support in the industry with some of the industry’s biggest players – Apple, Microsoft, and Google – using it across their product range. FIDO authentication can also be used alongside conventional passwords.
What Is The FIDO Alliance?
The FIDO Alliance is an open industry association that was launched in February 2013, with the goal of developing and promoting authentication standards that move away from passwords and insecure security settings. They saw the overreliance on passwords as a risk and an opportunity for innovation.
Their mission is to develop technical specifications that define an open, scalable, interoperable set of mechanisms which work to reduce that password reliance. They also operate industry certification programs to help facilitate worldwide adoption of the specifications.
The FIDO Alliance has over 250 members, including notable global tech leaders across enterprise, telecon, payments, healthcare, and government. Leading companies with board level membership include Google, Microsoft, Apple, Facebook, Amazon, American Express, Mastercard, PayPal, VISA, and OneSpan.
Is FIDO The Future?
We spoke to Microsoft’s Director Of Identity Security Alex Weinert about the future of the space. Here’s what he told us:
“As an industry, we’re trying to move away from passwords altogether. It turns out all password attacks fail if there’s no password. So, moving to things like the FIDO standard is essential. The FIDO standard is cool, in part, because, as well as being cryptographically very strong, it allows for many different form factors.
“[Apple’s] Passkey is going to bring the FIDO standard to mass market. Every single phone in everybody’s pocket is going to be a FIDO key. And it’s going be well-integrated into the operating system experience.
“As a result of that, I think we can see probably a mass market shift away from passwords. The Cybersecurity Executive Order in the United States and the NCSC in the UK also provides guidance that moves us away from passwords. So hopefully, we actually don’t get everybody to adopt password plus MFA. Hopefully, we get ready to actually switch to this single, passwordless thing.”
Joel Witts
Content Director
Joel Witts is the Content Director at Expert Insights, meaning he oversees all articles published and topics covered. He is an experienced journalist and writer, specialising in identity and access management, Zero Trust, cloud business technologies, and cybersecurity. Joel is a co-host of the Expert Insights Podcast and conducts regular interviews with leading B2B tech industry experts, including directors at Microsoft and Google. Joel holds a First Class Honours degree in Journalism from Cardiff University.
Craig MacAlpine
CEO and Founder
Craig MacAlpine is CEO and founder of Expert Insights. Before founding Expert Insights in August 2018, Craig spent 10 years as CEO of EPA cloud, an email security provider acquired by Ziff Davies, formerly J2Global (NASQAQ: ZD) in 2013, which has now been rebranded as VIPRE Email Security. Craig has extensive experience in the email security industry, with 20+ years of experience helping organizations to stay secure with innovative information security and cyber security solutions.
