Security Encyclopedia

FIDO2 Web Authentication

FIDO2 is the umbrella term for an open passwordless authentication standard developed by the Fast Identity Online (FIDO) Alliance, an industry consortium of technology firms and other service providers. FIDO2 consists of two core components. The first is the WebAuthn API, which industry leaders are incorporating into their browsers, including Chrome, Edge, Mozilla, and WebKit. The second is the Client to Authenticator Protocol (CTAP), which gives FIDO2-capable devices an interface to external authenticators via NFC, USB, or Bluetooth.

FIDO2 is often considered a successor to the previous authentication standards, FIDO UAF and FIDO U2F. Solutions built atop FIDO2 undergo rigorous certification to ensure that user credentials are decentralized, isolated and encrypted on users’ personal devices. The user’s private key is generated from a biometric such as a fingerprint or voice and is used to sign transactions initiated by a relying party. Some solutions go further and protect private keys in mobile devices’ hardware trust zones, separate from the device’s rich operating system. The FIDO Alliance states that FIDO2 “reflects the industry’s answer to the global password problem” by addressing legacy authentication’s challenges as they pertain to security, usability, privacy, and scalability.
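The relying-party side of that signing step, as an added example (not code from HYPR or the FIDO Alliance): a Node.js check of a WebAuthn ES256 assertion covering challenge, origin, RP ID hash, user-presence and user-verification flags, signature counter, and signature. The function names, the login.example host, and the policy of requiring user verification are assumptions; makeAssertion is a constructed stand-in for an authenticator and browser, used only to produce sample input.

```javascript
// Added example: relying-party checks on a WebAuthn assertion (Node.js, ES256).
const crypto = require('node:crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// expected = what the relying party stored at registration and issued for this login.
function verifyAssertion(assertion, expected) {
  const { authenticatorData, clientDataJSON, signature } = assertion;
  let client;
  try { client = JSON.parse(clientDataJSON.toString('utf8')); } catch { return 'bad-client-data'; }
  if (client.type !== 'webauthn.get') return 'wrong-type';
  if (client.challenge !== expected.challenge) return 'challenge-mismatch'; // replayed or stale
  if (client.origin !== expected.origin) return 'origin-mismatch';          // look-alike site
  // authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4, big-endian) | ...
  if (authenticatorData.length < 37) return 'short-authenticator-data';
  const rpIdHash = authenticatorData.subarray(0, 32);
  if (!crypto.timingSafeEqual(rpIdHash, sha256(Buffer.from(expected.rpId)))) return 'rpid-mismatch';
  const flags = authenticatorData[32];
  if (!(flags & 0x01)) return 'user-not-present';
  if (!(flags & 0x04)) return 'user-not-verified'; // policy assumption: require UV (PIN/biometric)
  const signCount = authenticatorData.readUInt32BE(33);
  if ((signCount || expected.signCount) && signCount <= expected.signCount) return 'counter-regression';
  // The authenticator signs authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, signature) ? 'ok' : 'bad-signature';
}

// Constructed stand-in for an authenticator plus browser (hypothetical helper, sample input only).
function makeAssertion(privateKey, { rpId, origin, challenge, signCount, flags = 0x05 }) {
  const authenticatorData = Buffer.concat([sha256(Buffer.from(rpId)), Buffer.from([flags]), Buffer.alloc(4)]);
  authenticatorData.writeUInt32BE(signCount, 33);
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const signature = crypto.sign('sha256', Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { authenticatorData, clientDataJSON, signature };
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const expected = { publicKey, rpId: 'login.example', origin: 'https://login.example',
                     challenge: crypto.randomBytes(32).toString('base64url'), signCount: 41 };
  const good = { ...expected, signCount: 42 };
  const tampered = makeAssertion(privateKey, good);
  tampered.authenticatorData.writeUInt32BE(43, 33); // altered after signing
  return {
    valid: verifyAssertion(makeAssertion(privateKey, good), expected),
    phishing: verifyAssertion(makeAssertion(privateKey, { ...good, origin: 'https://login.example.evil.test' }), expected),
    cloned: verifyAssertion(makeAssertion(privateKey, { ...good, signCount: 41 }), expected),
    tampered: verifyAssertion(tampered, expected),
  };
}
console.log(demo());
```

A production relying party would also handle the other COSE algorithms it registered and persist the new counter value after a successful check.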

How HYPR Enables FIDO2

The HYPR Authentication Platform provides businesses and developers a wide array of authentication capabilities, including the FIDO2 Web Authentication Framework. The FIDO2 authentication standard consists of the W3C Web Authentication specification, WebAuthn API, and the Client to Authenticator Protocol (CTAP). HYPR is a working group member of the FIDO Alliance and has deployed FIDO-Certified authentication to millions of users across some of the world’s largest enterprises. HYPR provides FIDO2 out of the box to enable true passwordless security across mobile, web and IoT applications.

[Figure: FIDO2 Web Authentication diagram]

[Figure: FIDO2 passwordless mobile web login]

What is the FIDO2 Certification Badge?

Security and identity products certified by the FIDO Alliance may utilize the FIDO2 badge.

  • Security on the web has long been a problem which has interfered with the many positive contributions the web makes to society. While there are many web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multi-factor solutions we are eliminating this weak link. WebAuthn will change the way that people access the web.

    Dr. Jeffrey Jaffe
    W3C CEO