In this article, we will explain why the FIDO Alliance was formed, what a FIDO passkey is, and how it became the solution for faster, safer authentication.
The FIDO (Fast IDentity Online) Alliance is an open industry association formed in 2012 by a group of tech companies, aiming to improve the way users authenticate themselves online and reduce the reliance on passwords. They recognized the vulnerabilities of passwords and wanted to make authentication simpler and safer.
The Alliance developed and evolved new passwordless authentication specifications to make passwords obsolete, specifically three key protocols.
The first protocol, UAF, was introduced in 2014, followed by U2F later that same year, and FIDO2, which succeeded both, came later.
In 2022, Apple, Google, and Microsoft introduced support for a new FIDO credential known as a passkey.
By 2023, the FIDO Alliance embraced the term 'passkey' to refer to all types of FIDO credentials.
A FIDO passkey is a digital key that simplifies and secures authentication across devices and apps. Built on standards developed by the FIDO Alliance, passkeys eliminate the need for traditional passwords by using public key cryptography. Passkeys are stored on devices and unlocked with biometrics or device authentication mechanisms to ensure fast and secure access to websites and services.
FIDO passkeys work by using public key cryptography. During registration with a new service, the user’s device generates a pair of keys: a public key and a private key.
The public key is stored on the service’s server, while the private key is securely encrypted on the user’s device.
In the login process, the service sends a challenge to the device, and the user is asked to “unlock” the private key using the device's built-in authenticator and unlock mechanism, usually biometrics. The private key then signs the challenge, and the user is authenticated without sharing any sensitive information.
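The registration and login exchange described above, as an added example in Node.js (not code from the original article or from the FIDO Alliance). It is a simplified model: real WebAuthn signs authenticator data plus a hash of the client data, and the origin check shown here goes beyond the text; the Service and Device classes, the user name and the origins are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');
// The service stores only public keys and the challenge it is waiting on.
class Service {
  constructor(origin) { this.origin = origin; this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.keys.set(user, publicKeyPem); }
  newChallenge(user) {
    this.pending.set(user, nodeCrypto.randomBytes(32).toString('base64url'));
    return this.pending.get(user);
  }
  verify(user, assertion) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // each challenge is accepted at most once
    const publicKey = this.keys.get(user);
    if (!expected || !publicKey || !assertion) return false;
    let signed;
    try { signed = JSON.parse(assertion.clientData); } catch { return false; }
    if (signed?.challenge !== expected || signed.origin !== this.origin) return false;
    const sig = Buffer.from(assertion.signature, 'base64url');
    return nodeCrypto.verify('sha256', Buffer.from(assertion.clientData), publicKey, sig);
  }
}
// The device keeps one private key per origin and never hands it out.
class Device {
  constructor() { this.privateKeys = new Map(); }
  createPasskey(origin) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.privateKeys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this leaves the device
  }
  sign(origin, challenge, userVerified) { // userVerified stands in for the biometric/PIN unlock
    const key = this.privateKeys.get(origin);
    if (!key || !userVerified) return null; // no passkey for this origin, or still locked
    const clientData = JSON.stringify({ challenge, origin });
    const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), key);
    return { clientData, signature: signature.toString('base64url') };
  }
}
// Walks through registration, one login, and three cases that must be refused.
function runPasskeyDemo() {
  const service = new Service('https://service.test'); // constructed origin
  const device = new Device();
  service.register('alice', device.createPasskey(service.origin));
  const assertion = device.sign(service.origin, service.newChallenge('alice'), true);
  const login = service.verify('alice', assertion);
  service.newChallenge('alice');
  const replay = service.verify('alice', assertion); // old signature, fresh challenge
  const locked = device.sign(service.origin, service.newChallenge('alice'), false);
  const otherSite = device.sign('https://other.test', service.newChallenge('alice'), true);
  return { login, replay, locked, otherSite };
}
```

The server side never holds anything that can be reused to log in: a captured assertion fails against the next challenge, and the device has no key to sign with for an origin it never registered.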
Passwords have long been a security challenge: they can get phished, guessed, and stolen. Even with 2FA, passwords remain vulnerable.
With FIDO passkeys, these issues go away entirely, as there are no passwords at all, just cryptographic keys stored securely on devices.
Passkeys have many benefits. They are also more convenient, as they eliminate password creation, management, and entry. By using biometric features, the login process is not only faster but also much more resilient than passwords.
Multi-device support: a FIDO passkey can be synchronized across ecosystems, such as in Google Password Manager or Apple's iCloud Keychain, making it easier to access accounts from different devices.
Enhanced Convenience: Users no longer need to remember complex passwords or use password managers. Authentication is quick and effortless with a fingerprint or facial recognition.
Platform Diversity: Passkeys work across major operating systems, browsers, and websites, supporting a wide range of use cases, from personal devices to enterprise environments.
Phishing Resistance: By using cryptographic keys stored securely on devices and not involving traditional passwords, passkeys are inherently resistant to phishing.
Implementation Challenges: Integrating FIDO passkeys into existing systems requires resources and technical expertise. Developers need to understand the FIDO standards and ensure compatibility with their platforms.
Device Dependency: While passkeys are stored securely on devices, users must have access to their devices or recovery mechanisms to authenticate. Losing all associated devices can pose a challenge.
Standard Adoption: Although FIDO passkeys are gaining traction, not all websites and platforms currently support them. Wider adoption is necessary for a fully passwordless future.
Education and Awareness: Users and organizations need to be educated about the benefits of passkeys and trained on how to recover them if a device is lost or replaced.
Initial Cost: Enterprises may face costs associated with updating infrastructure and training teams to implement FIDO passkeys.
FIDO passkeys are compatible with a wide range of devices, including Apple iPhones and iPads running iOS 16 or later, and Macs with macOS Ventura or newer.
Android devices with Android 9 or higher also support passkeys, with synchronization through Google Password Manager.
Windows 10 and 11 users can use passkeys via Windows Hello.
Major browsers like Google Chrome, Safari, and Edge let you use a FIDO passkey, and several popular services such as Amazon, GitHub, PayPal, and LinkedIn are now enabling passkey authentication for enhanced online security.
The FIDO Alliance envisions a future where passwords are entirely obsolete, replaced by innovative methods like passkeys as the standard for authentication. FIDO is partnering with tech giants like Apple, Google, and Microsoft to extend passkey support across multiple devices, platforms, and ecosystems.
Emerging standards, such as the ability to securely transfer passkeys across platforms, signal a shift toward universal adoption. In the future, according to FIDO, authentication will be faster, more secure, and easier to use, ensuring a safer online environment for individuals and organizations.
No, most recent smartphones, tablets, and computers have native support for FIDO passkeys without additional hardware.
For more information about passkey implementation and setup, check out our Integration and Implementation Guide.
Yes, they are stored securely on the device; however, losing the device doesn't compromise your account. They are synced across ecosystems and can be recovered even if all associated devices are lost. Also, some services offer more recovery options; for example, Apple's iCloud Keychain lets you set up a recovery contact.
Yes, services like Google Password Manager and Apple's iCloud Keychain sync them across devices, making it possible to log in from different devices while keeping everything safe.
Additionally, the FIDO Alliance has published a working draft of a new specification, presented in two parts: the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF).
This specification enables the seamless exchange of passkeys between platforms, meaning passkeys become portable. Users will be able to switch devices or ecosystems without losing access to their accounts. For instance, passkeys stored in iCloud could be transferred to Android devices, offering greater flexibility.
FIDO passkeys are supported on a wide range of devices, including:
No, FIDO passkeys do not require an active internet connection for authentication. The private key is stored locally on the user’s device and is used to sign the challenge provided by the service. However, the service you are trying to access may require an internet connection.
FIDO passkeys replace passwords entirely, while two-factor authentication (2FA) still relies on a password as the primary authentication factor. Passkeys remove passwords from the equation, streamlining the process and making it faster and more secure. Additionally, passkeys inherently function as multi-factor authentication (MFA) as they require both something you have (a device) and something you are (biometrics).
The FIDO logo signifies compliance with the FIDO Alliance's passwordless authentication standards. Devices, platforms, or services displaying this logo ensure a secure and interoperable authentication experience.