In this article, we will explain why the FIDO Alliance was formed, what a FIDO passkey is, and how it became the solution for faster, safer authentication.
FIDO (Fast IDentity Online) Alliance is an open industry association formed in 2012 by a group of tech companies, with the aim of improving the way users authenticate themselves online and reduce the reliance on passwords. They recognized the vulnerabilities of passwords and wanted to find ways to make it more simple and safe.
The Alliance developed and evolved new passwordless authentication specifications to make passwords obsolete, specifically, three key protocols
The first protocol, UAF, was introduced in 2014, followed by U2F later that same year, and FIDO2, which succeeded both, came later.
In 2022, Apple, Google, and Microsoft introduced support for a new FIDO credential known as a passkey.
By 2023, the FIDO Alliance embraced the term 'passkey' to refer to all types of FIDO credentials.
FIDO Passkeys work by using public key cryptography, during registration to a new service, the user’s device generates a pair of keys, a public key and a private key.
The public key is stored on the service’s server, while the private key is securely encrypted on the user’s device.
In the login process, the service sends a challenge to the device, and the user is asked to “unlock” the private key, using the device unlock mechanism, usually, biometrics. The private key then signs the challenge and the user is now authenticated, without sharing any sensitive information.
Passwords have long been a security challenge: they can get phished, guessed, and stolen. Even with 2FA, passwords remain vulnerable..
With FIDO passkeys, these issues go away entirely, as there are no passwords at all, just cryptographic keys stored securely on devices.
Passkeys have many benefits, they are also more convenient as they eliminate password creation, management, and entry. By using biometric features, the login process is not only faster but much more resilient vs passwords.
FIDO passkeys are compatible with a wide range of devices, including Apple iPhones and iPads running iOS 16 or later, and Macs with macOS Ventura or newer.
Android devices with Android 9 or higher also support passkeys, with synchronization through Google Password Manager.
Windows 10 and 11 users can use passkeys via Windows Hello.
Major browsers like Google Chrome, Safari, and Edge let you use a fido passkey, and several popular services such as Amazon, GitHub, PayPal, and LinkedIn are now enabling passkey authentication for enhanced online security.
No, most recent smartphones, tablets, and computers have native support for FIDO passkeys without additional hardware.
For more information about passkey implementation and setup, check out our Integration and Implementation Guide.
Yes, they are stored securely on the device, however, losing the device doesn't compromise your account. They are synced across ecosystems, and can be recovered even if all associated devices are lost. Also, some services offer more recovery options, for example, iCloud keychain by Apple, lets you set up a recovery contact.
Yes, services like Google Password Manager and Apple's iCloud Keychain sync them across devices, making it possible to log in from different devices while keeping everything safe.
