For email, see FidoNet
nline) A technology from the FIDO Alliance that authenticates a user logging into an online service without having to enter username and password. Founded in 2013, the Alliance introduced biometric and two-factor authentication a year later.
In May 2022, Apple, Google and Microsoft announced support of FIDO. A "passwordless" future with guaranteed security for every user would be greeted with great enthusiasm.
FIDO UAF and FIDO U2F
UAF (Universal Authentication Framework) is the biometric protocol, and U2F (Universal Second Factor) supports PINs and USB keys. See two-factor authentication
and USB key
FIDO2 uses WebAuthn (Web Authentication specification) and FIDO's CTAP (client-to-authentication protocol) to enable smartphones to work as authenticators. See WebAuthn
FIDO Client/Server Interaction
A FIDO-Certified USB Key
When a user opens an account, the FIDO client registers with the provider's server. At login, the server sends the FIDO client a challenge, which is a value that will be returned encrypted with a digital signature. See public key cryptography
and digital signature
This YubiKey FIPS is certified for FIDO second-factor authentication, and it meets federal standards (see FIPS 140-2
). (Image courtesy of Yubico, www.yubico.com)