Officially FIDO Certified™ by the Fast IDentity Online (FIDO) Alliance | Native support by Chrome or any other FIDO-compliant browser |
Compact form factor attaches easily to a keychain without bulk | Sign in to dozens of accounts with a single device. |
Combats real-time attacks such as man-in-the-middle (MITM) | Protect everything from email to online storage accounts |
Overview
FIDO supports a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near field communication (NFC).[1] The USB security token device may be used to authenticate using a simple password (e.g. four-digit PIN) or by pressing a button. The specifications emphasize a device-centric model. Authentication over the wire happens using public-key cryptography. The user's device registers the user to a server by registering a public key. To authenticate the user, the device signs a challenge from the server using the private key that it holds. The keys on the device are unlocked by a local user gesture such as a biometric or pressing a button.
FIDO provides two types of user experiences depending on which protocol is used. Both protocols define a common interface at the client for whatever local authentication method the user exercises.