Platform Authenticators are ones that are integrated with a device and capable of capturing an authentication factor. Also called internal authenticators, they are growing in use as part of the FIDO Alliance’s FIDO2 authentication standard.
Examples of platform authenticators include Touch ID, Face ID, and Windows Hello. Their common features are that they are embedded in the device and typically use a biometric scan, although biometrics are not required. With platform authenticators, the primary device, such as a laptop or smartphone, contains the necessary components of a trusted platform module (TPM; the Secure Enclave in the Apple example) as well as the fingerprint or facial scanner. The user authenticates actively or passively, the request is matched against encrypted information held in the TPM, and access is granted, all on the same device. Platform authenticators simplify authentication by holding both the root of trust and the user’s claims to it. They are fast and are generally used for (true) passwordless authentication.
Cross-platform or roaming authenticators, also called external authenticators, are devices such as security keys and smartphones that can present a user’s access claims to another device or service. They are not part of the same platform or operating system as the primary device (say, a laptop). These security keys and smartphones can facilitate access to a laptop, to an app running on a laptop, or to an app integrated with a FIDO2-supported browser, by conveying the legitimacy of the claim over the CTAP communication protocols.
FIDO2 Certified products address the interoperability challenges of platform and cross-platform authenticators by ensuring that they all integrate seamlessly. Without this, the usefulness of a platform authenticator is limited, since it is so closely tied to one device.
“FIDO2 Certified platform authenticators are a significant development in our journey to replace passwords. These large technology players and the ubiquity of their devices put a dent in the interoperability gap that would exist if large players like Apple and Microsoft did not take a leadership role.”