Redirected from: Universal Second Factor

Definition: FIDO


(1) For email, see FidoNet.

(2) (Fast IDentity Online) A technology from the FIDO Alliance that authenticates a user logging into a website or online service. Introduced in 2013, FIDO is called a "passwordless" system. Instead of username and password, FIDO users sign in with a "passkey," and the same passkey can be used all the time. This is just the opposite of the "never use the same password" advice. The passkey may be a simple numeric PIN or a biometric such as a fingerprint. In addition, an external security key or smart card may be used. See password.

The keys are stored in the external device or in the most secure storage in a computer, such as the PC's Trusted Platform Module (TPM) or the Mac's Secure Enclave (see TPM and Secure Enclave).

There Is Major Support
Influential companies are adding FIDO support to their logins, but a totally passwordless future will take time to learn and implement. Having private keys means backing them up. Even an external security key must be backed up in case of damage. If all FIDO logins are created on one platform, how does one switch platforms or temporarily use another? Most importantly, the majority of logins on prominent websites must support FIDO to provide the value everyone would love to have. For FIDO1 and FIDO2 specifications, see FIDO protocols.




How FIDO Works - Public Key Cryptography
When users open an account, their devices generate public/private key pairs, and the public keys are sent to the websites. Private keys are never in transit. At login, the server sends the client a challenge, which is returned with a digital signature that the server verifies using the user's public key. See public key cryptography, digital signature and FIDO protocols.
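The registration and login exchange described above, as an added Node.js example that is not part of the original entry. It is simplified (real FIDO messages carry more fields than the bare challenge), and the function names, the account name `alice` and the P-256/SHA-256 choice are assumptions made for illustration.

```javascript
// Added illustration of FIDO-style registration and login; all names are hypothetical.
const crypto = require('node:crypto');

// Authenticator side: holds the private key, which never leaves this closure.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    // Registration: only the public key is exported to the website.
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Login: sign the server's challenge with the private key.
    sign: (challenge) => crypto.sign('sha256', challenge, privateKey),
  };
}

// Server side: stores one public key and one outstanding challenge per account.
function createServer() {
  const publicKeys = new Map();
  const pending = new Map();
  return {
    register(user, publicKeyPem) { publicKeys.set(user, publicKeyPem); },
    startLogin(user) { // fresh random challenge for every login attempt
      const challenge = crypto.randomBytes(32);
      pending.set(user, challenge);
      return challenge;
    },
    finishLogin(user, signature) {
      const challenge = pending.get(user);
      pending.delete(user); // single use, so a captured signature cannot be replayed
      const pem = publicKeys.get(user);
      if (!challenge || !pem) return false;
      return crypto.verify('sha256', challenge, crypto.createPublicKey(pem), signature);
    },
  };
}

function demo() {
  const server = createServer();
  const device = createAuthenticator();
  server.register('alice', device.publicKeyPem);
  const sig = device.sign(server.startLogin('alice'));
  const ok = server.finishLogin('alice', sig);         // valid signature over the live challenge
  const replay = server.finishLogin('alice', sig);     // challenge already consumed
  server.startLogin('alice');
  const stale = server.finishLogin('alice', sig);      // old signature, new challenge
  const other = createAuthenticator().sign(server.startLogin('alice'));
  const wrongKey = server.finishLogin('alice', other); // signed by an unregistered key
  return { ok, replay, stale, wrongKey };
}
console.log(demo());
```

Only the first login succeeds: the server accepts a signature only if it covers the challenge it just issued and verifies under the public key registered for that account.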








External Authenticators
A FIDO authenticator generates the keys and handles login authentication thereafter. External authenticators are USB keys (top) and wireless smart cards (bottom). In contrast, an internal platform authenticator, such as Windows Hello, is built into the OS. (Images courtesy of Yubico and CRYPTNOX SA.)








Passkeys Are Offered Now
Increasingly, users are given the option of creating a passkey as in this example from the Coinbase cryptocurrency exchange. (Images courtesy of Coinbase.)