What is FIDO?
FIDO (Fast IDentity Online) is an open standard for easy and secure authentication. FIDO specifications and certifications enable an interoperable ecosystem of hardware-, mobile- and biometric-based authenticators which can be used with many apps and websites. For more information, see the FIDO Alliance website. You can find out here how FIDO operates.
FIDO2
The FIDO2 project consists of the W3C Web Authentication specification (WebAuthn) and the related Client-to-Authenticator Protocol (CTAP), which together let users authenticate to online services easily with FIDO devices. FIDO2 is, to some extent, a further development of the FIDO protocols U2F and UAF.
WebAuthn and CTAP
FIDO U2F (Universal 2nd Factor)
U2F is an open 2-factor authentication standard which enables secure access to any number of web-based services – immediately and without drivers or client software. The U2F specifications were originally developed by Google with participation by Yubico and NXP. Today, everything is managed under the auspices of the FIDO Alliance (Fast IDentity Online). The Alliance was founded in 2012 with members that included PayPal and Lenovo. Its goal was to develop user-friendly and secure alternatives to passwords.
Besides offering the basic advantages of 2-factor authentication, U2F has the following properties:
- No shared secrets – Unlike OATH, for example, U2F uses public key cryptography and no shared secrets.
- Anonymous – New public keys for each site
- User experience – The user should not need to enter any codes or install any drivers
- Universal – Hardware tokens, fingerprint readers, software tokens, etc. / USB, NFC, BLE / Registration on any number of websites
- Open standard
- Supported by industry leaders – like Google, PayPal, Microsoft, Bank of America, Mastercard and VISA
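The "no shared secrets" and "anonymous" properties above, as an added example that is not part of the original page: a simplified Node.js model in which the token creates a separate key pair per website and the server stores only the public key. It is not the real U2F/CTAP message format; `ToyAuthenticator`, `signedData`, `serverVerify`, `demo` and the `*.example` origins are constructed for illustration.

```javascript
// Simplified model of two U2F properties: no shared secrets, one key pair per site.
// Assumption: the signed data is reduced to SHA-256(appId) || challenge.
const crypto = require('crypto');

function signedData(appId, challenge) {
  const appHash = crypto.createHash('sha256').update(appId).digest();
  return Buffer.concat([appHash, challenge]);
}

class ToyAuthenticator {
  constructor() { this.keys = new Map(); } // appId -> private key, never leaves the token

  // Registration: fresh P-256 key pair for this site; only the public key is returned.
  register(appId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(appId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }

  // Authentication: sign the site-bound challenge with that site's private key.
  sign(appId, challenge) {
    const key = this.keys.get(appId);
    if (!key) throw new Error('no key registered for ' + appId);
    return crypto.sign('sha256', signedData(appId, challenge), key);
  }
}

// Server side: holds only the public key, so a leaked user table contains no login secret.
function serverVerify(publicKeyPem, appId, challenge, signature) {
  return crypto.verify('sha256', signedData(appId, challenge), publicKeyPem, signature);
}

function demo() {
  const token = new ToyAuthenticator();
  const siteA = 'https://a.example', siteB = 'https://b.example'; // constructed origins
  const pubA = token.register(siteA);
  const pubB = token.register(siteB);
  const challenge = crypto.randomBytes(32); // fresh per login attempt
  const sig = token.sign(siteA, challenge);
  return {
    distinctKeys: pubA !== pubB, // the two sites cannot correlate the user by key
    validForA: serverVerify(pubA, siteA, challenge, sig),
    rejectedByB: !serverVerify(pubB, siteB, challenge, sig),
    replayRejected: !serverVerify(pubA, siteA, crypto.randomBytes(32), sig),
  };
}
```

Calling `demo()` returns four booleans covering key separation, a valid login, rejection at the other site and rejection of a signature replayed against a new challenge.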