Term of the Moment
burner phone
Definition: FIDO protocols
FIDO uses several protocols, which changed from the first version in 2013 to FIDO2 in 2018. The specifications for FIDO2 follow. See FIDO.
UAF
FIDO uses the Universal Authentication Framework (UAF) to select the authentication method, which can be a PIN or biometric (face, finger swipe, etc.).
WebAuthn
FIDO2 supports the World Wide Web Consortium's WebAuthn passkey authentication system, which is built into browsers and operating systems. See WebAuthn.
CTAP2
The Client to Authenticator Protocol 2 (CTAP2) supports external authenticators (see below) over USB, NFC and Bluetooth. The earlier FIDO Universal Second Factor (U2F) protocol was renamed CTAP1, often designated as FIDO U2F.
How It Works - Public Key Cryptography
UAF
FIDO uses the Universal Authentication Framework (UAF) to select the authentication method, which can be a PIN or biometric (face, finger swipe, etc.).
WebAuthn
FIDO2 supports the World Wide Web Consortium's WebAuthn passkey authentication system, which is built into browsers and operating systems. See WebAuthn.
CTAP2
The Client to Authenticator Protocol 2 (CTAP2) supports external authenticators (see below) over USB, NFC and Bluetooth. The earlier FIDO Universal Second Factor (U2F) protocol was renamed CTAP1, often designated as FIDO U2F.
When signing up for a passkey, FIDO generates a public/private key pair. The public key is sent to the website, but the private key is never in transit. At login, the server sends the client a challenge, which must be verified with the user's public key. See public key cryptography and digital signature. (Images of external authenticators courtesy of Yubico and CRYPTNOX SA.