(Fast IDentity Online) A technology from the FIDO Alliance that authenticates a user logging into an online service. In 2014, the Alliance introduced biometric and two-factor authentication methods.
Client and Server Interaction
When a user opens an account with an online service, the FIDO client in the user's app or browser registers with the FIDO counterpart in the provider's server. The FIDO client is used to select the authentication method (biometric or second factor), enroll the user and generate a private/public key pair. It keeps the private key in the user's device and sends the public key to the FIDO server. See public key cryptography
When logging in, the FIDO client performs the biometric or second factor verification and then receives a challenge from the server. The client digitally signs the challenge, which the server verifies using the public key stored in the user's account. See digital signature
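The registration and login exchange described above, written out as an added example (not code from the FIDO Alliance or from any FIDO implementation): it assumes Ed25519 signatures and an in-memory server, and the localOK flag stands in for the client's biometric or second-factor check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Server holds each user's registered public key and one outstanding challenge.
type Server struct {
	Keys    map[string]ed25519.PublicKey
	Pending map[string][]byte
}

// Enroll runs on the client: generate the pair, register only the public half.
func Enroll(s *Server, user string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // Ed25519 is an assumed choice
	if err == nil {
		s.Keys[user] = pub // the private key never leaves the device
	}
	return priv, err
}

// Challenge issues a fresh 32-byte random nonce that the client must sign.
func (s *Server) Challenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.Pending[user] = c
	return c, nil
}

// SignChallenge runs on the client; it signs only after the local check passed.
func SignChallenge(priv ed25519.PrivateKey, challenge []byte, localOK bool) ([]byte, error) {
	if !localOK { // biometric or second-factor check failed: release nothing
		return nil, errors.New("local user verification failed")
	}
	return ed25519.Sign(priv, challenge), nil
}

// VerifyLogin checks the signature over the challenge the server itself issued.
func (s *Server) VerifyLogin(user string, sig []byte) bool {
	c, issued := s.Pending[user]
	delete(s.Pending, user) // single use: a captured signature cannot be replayed
	if !issued || s.Keys[user] == nil {
		return false
	}
	return ed25519.Verify(s.Keys[user], c, sig)
}
```

A second call to VerifyLogin with the same signature fails because the challenge was consumed, which is what makes the signed challenge useless to anyone who intercepts it.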
FIDO UAF (Universal Authentication Framework)
The UAF is the biometric authentication protocol used by the FIDO client.
FIDO U2F (Universal Second Factor)
The U2F supports a second authentication device such as a USB security key or PIN. See two-factor authentication
FIDO2 is the latest generation. FIDO2 uses the W3C's Web Authentication specification (WebAuthn), built into major browsers such as Chrome and Edge, and FIDO's Client to Authenticator Protocol (CTAP), which enables smartphones and USB security keys to work as FIDO authenticators.
A FIDO-Certified USB Key
This YubiKey FIPS is certified for FIDO second-factor authentication, and it meets federal standards (see FIPS 140-2). (Image courtesy of Yubico, www.yubico.com)