FIDO Authentication: What It Is and Why It’s So Powerful
Elevating Trust by Providing Proof of Presence
How can we be sure that people are who they say they are? The search for a secure, scalable and convenient way to authenticate users has been a constant in the digital age. Passwords clearly don’t cut it, in spite of their ubiquity — in fact, more than 80% of data breaches involve weak or stolen passwords.
Enter FIDO, a set of authentication standards based on public key cryptography that replaces passwords with fast, secure logins powered by cryptographic credentials that never leave the user’s device.
FIDO, which stands for Fast Identity Online, originates with a group of leading tech companies, who banded together to make authentication easier and more secure. The FIDO standards, established by the FIDO Alliance can be built directly into almost any device — as opposed to proprietary, device-specific security.
In this post, we’ll explain how FIDO works, what makes it so powerful and how companies can take advantage of it in both consumer and workforce authentication scenarios.
What is FIDO?
In short, FIDO is an open standard for multi-factor-authentication (MFA) used to enable secure passwordless login and access granting. As mentioned above, it leverages public key cryptography to authenticate users on websites and applications.
First, users register a device — a smart card, security key, computer, or mobile device, — to a FIDO compatible service. Then, they are issued a private key, unique to each application, that’s stored on their device. Once that’s done, the private key can be called upon to authenticate them in the future, protected by device-specific methods like PIN or biometrics. FIDO helps elevate trust and convenience by enabling users to be in full control of their digital identity and personal credentials.
By storing the private keys on the device and not on a server, FIDO prevents the keys to be breached through a single attack on the corporate network or cloud service, unlike password manager solutions like LastPass where a single security breach can expose millions of credentials.
No wonder Apple, Google and Microsoft committed to expand their support for FIDO across their devices and ecosystem in 2022 and give organizations the ability to offer an end-to-end passwordless experience. As of January 2023, Apple added the ability to use physical security keys such as HID Crescendo Key to login to your AppleID account – enabling even stronger protection of Apple users accounts.
FIDO’s Power Goes Beyond Passwordless Login
FIDO enables organizations to secure log-ins and digital assets via passwordless authentication — a method that’s convenient for users, cuts down on expensive reset requests and cannot be intercepted or cracked by attackers. But passwordless login is not the only use case.
In the realm of consumer authentication, organizations can use FIDO to:
- Prove their customer’s identity prior to authorizing a high-value transaction
- Provide additional verification when requesting a high-risk transaction
- Enable users with intuitive self-managed recovery of old accounts on an active device. Alternatively, help them get fast and secure access to their active accounts from a new device, all while keeping device enrollment and user verification costs down
At the enterprise level, FIDO greatly reduces the risk of social engineering attacks, which are involved in up to 98% of cyber attacks and 90% of data breaches. Other use cases for workforce authentication include:
- Self-Service recovery of user account credentials on enterprise applications
- Gaining fast passwordless access to corporate resources from anywhere, at any time
- Enhancing security on more sensitive applications by requiring users to authenticate with FIDO before unlocking access — eliminating the risk for man in the middle or fishing attacks
HID’s Commitment to FIDO
HID is a member of the FIDO Alliance and is proud to support the security standard on multiple fronts through the HID Authentication Platform. HID Crescendo® keys and cards offer FIDO U2F functionality as well as digital signature and data encryption — and can be used in combination with an integrated RFID antenna to grant building access, handle cashless payments or power secure printing.
In addition, HID has been working closely with partners like Microsoft and Citrix to enhance the adoption of FIDO2 through our FIDO-enabled Crescendo cards and keys, and help facilitate a secure and hybrid workplace.
According to Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), “FIDO is the gold standard for MFA and the only widely available phishing resistant authentication.”
As cyber attacks continue to break records in terms of both volume and cost, that makes it a wise investment.
You don’t have to put up with passwords — or the security risks that come with them. Learn more in our Executive View, The Passwordless World Is Here >>
Stephen Allen is a senior product manager for HID IAMS' Authentication portfolio and a cyber security professional who wants to challenge the way you think about digital security. He uses his 18+ years of industry experience to help customers, Channel and OEM integration partners successfully solve business challenges by delivering solutions, not just technology. Prior to HID, Stephen has worked for companies such as Thales delivering cloud encryption and key management solutions to cloud providers such as AWS and Google as well as numerous well-known telco companies and governments globally.