Fast Identity Online (FIDO)

Fast Identity Online (FIDO) is a set of open technical specifications for authenticating users to online services without depending on passwords. FIDO authentication seeks to use the native security capabilities of the user's device to enable strong user authentication and reduce the reliance on passwords.

FIDO defines two key protocols: (i) Universal Authentication Framework (UAF) Protocol, and (ii) Universal 2nd Factor (U2F) Protocol.

The UAF protocol is designed to enable online services to offer password-less and multi-factor security by allowing users to register their device with the online service and use a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, or entering a PIN. To authenticate, the user performs local authentication on the registered device using the registered authentication mechanism instead of entering credentials on the login page of the online service. UAF allows one authentication factor or a combination of factors to be used on the device, e.g. fingerprint + PIN.

The U2F protocol is designed to enable online services to augment their traditional password-based authentication with a second factor of authentication that is presented via a USB device or NFC interface. The use of a local interface requires web browsers to support FIDO U2F.

“Under the hood” FIDO utilizes asymmetric cryptography to ensure that sensitive data such as secrets, biometric prints and images remain on a device at all times and are not transmitted to the authenticating service.

Frequently Asked Questions
What is FIDO ASM?

In FIDO UAF, the Authenticator-Specific Module (ASM) is a software-based abstraction layer (middleware of sorts) that decouples FIDO UAF Clients from the underlying hardware and provides a standard interface to the authenticators available on the device (e.g. a fingerprint sensor).

What is a U2F device?

A U2F device is a hardware authenticator that connects to the host computing device via a USB or NFC interface and acts as a second factor of authentication to online services.

What is FIDO ledger?

FIDO ledger is a misnomer. Ledger is a company that manufactures a hardware wallet for cryptocurrencies, which also supports FIDO standards for authentication.

Who is a part of FIDO Alliance?

FIDO enjoys broad industry support. The current list of supporters can be viewed on the FIDO Alliance site: https://fidoalliance.org/participate/members-bringing-together-ecosystem/

What’s the difference between U2F and UAF? Why two separate standards?

The UAF protocol is designed to enable online services to offer password-less and multi-factor security by allowing users to register their device with the online service and use a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, or entering a PIN.

The U2F protocol is designed to enable online services to augment their traditional password-based authentication with a second factor of authentication that is presented via a USB device or NFC interface.

What is the goal of FIDO2?

FIDO2 is an effort by the FIDO Alliance to further increase the breadth of devices that can be used for FIDO authentication.

Which authentication protocols are part of the FIDO Alliance?

• Universal Authentication Framework (UAF), enabling passwordless authentication via a method local to a user’s device

• Universal Second Factor (U2F), enabling the use of a hardware token or other device as a second factor

• Client to Authenticator Protocol (CTAP), enabling a FIDO-enabled device to authenticate a user accessing an application via a WebAuthn-enabled web browser on another device