Based on free, open standards from the FIDO Alliance, Fast IDentity Online (FIDO) authentication enables password-only logins to be replaced with secure, fast login experiences across websites and apps. This is accomplished by using standard public-key cryptography to provide strong authentication and leave zero data at rest.
With FIDO, the user’s device must prove possession of the private key by signing a challenge before sign-in can be completed. This can only occur once the user verifies the sign-in locally on their device, via quick and easy entry of a biometric or local PIN, or a touch of a FIDO security key. Sign-in is completed via a challenge-response between the user's device and the online service; the service never sees or stores the private key.
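The challenge-response described above, as an added example that is not part of the original page and is not FIDO Alliance code: a simplified Node.js model of the flow, not the WebAuthn/CTAP message format. The names `createAuthenticator` and `createService`, the `userVerified` flag, the user `alice`, the P-256 curve and the single-use handling of challenges are assumptions made for illustration.

```javascript
// Added illustration: simplified model of a FIDO-style sign-in, not the real wire protocol.
const crypto = require('crypto');

// Authenticator (user device): the private key is created here and never leaves this closure.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey: publicKey.export({ type: 'spki', format: 'pem' }), // only this is sent at registration
    // userVerified stands in for the local biometric / PIN / touch check (assumption).
    sign(challenge, userVerified) {
      if (!userVerified) throw new Error('local user verification failed');
      return crypto.sign('sha256', challenge, privateKey);
    },
  };
}

// Online service: stores public keys and outstanding challenges, never a private key.
function createService() {
  const publicKeys = new Map(); // username -> PEM public key
  const pending = new Map();    // username -> challenge awaiting a signature
  return {
    register(user, publicKeyPem) { publicKeys.set(user, publicKeyPem); },
    beginSignIn(user) {
      const challenge = crypto.randomBytes(32); // fresh and unpredictable per attempt
      pending.set(user, challenge);
      return challenge;
    },
    finishSignIn(user, signature) {
      const challenge = pending.get(user);
      const key = publicKeys.get(user);
      pending.delete(user); // single use: a captured signature cannot be replayed
      if (!challenge || !key) return false;
      return crypto.verify('sha256', challenge, key, signature);
    },
  };
}

// Constructed walk-through with a hypothetical user "alice".
function demo() {
  const device = createAuthenticator();
  const service = createService();
  service.register('alice', device.publicKey);
  const signature = device.sign(service.beginSignIn('alice'), true);
  const firstAttempt = service.finishSignIn('alice', signature);
  service.beginSignIn('alice'); // a new challenge is issued for the next attempt
  const replayed = service.finishSignIn('alice', signature); // old signature, new challenge
  return { firstAttempt, replayed };
}
```

The service side holds only the public key and a short-lived random challenge, so a copy of its storage gives nothing that can be used to sign in.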
Passwords, and other forms of legacy authentication such as SMS OTPs, are knowledge-based, a hassle to remember, and easy to phish, harvest and replay. Passwords are the root cause of over 80% of data breaches.
Instituting FIDO opens the door for organizations to marry security priorities with user experience: while many IT teams express frustration at employees using the same password across several applications, employees often chafe at having to remember multiple passwords that must be changed often. FIDO allows for better security and eliminates passwords, a win-win for all involved.