FIDO (Fast IDentity Online) is a certification for a set of authentication protocols and specifications, with the aim of ultimately eliminating the use of passwords across all platforms, including desktops, mobile devices, and any service requiring identity verification. FIDO authentication is the brainchild of FIDO Alliance.
FIDO Alliance is an open industry association, also known as a consortium, formed by a group of leading companies, government agencies, and financial institutions in 2012. Its goals include changing the way users authenticate online, driven by a strong belief that passwords are a thing of the past and one of the weakest links in online security.
Passwords are costly to manage, easily compromised, and add frustrating friction for users, negatively impacting the experience.
FIDO's authentication process has quickly gained traction and figures prominently in news and overview reports on the future of cybersecurity.
The success of FIDO authentication is driven by the collaboration of various industry leaders.
The Alliance members list includes major companies and organizations (more than 250!) of many kinds, some of them are:
All these collaborate to promote secure, passwordless authentication methods, ensuring the public understands the advantages of moving beyond traditional password use.
Over the years, FIDO Alliance has published three sets of specifications, all based on public key cryptography:
The first FIDO protocol allowed users to sign up and log in to services without passwords by using biometrics or a PIN on their personal device, such as a smartphone or laptop.
The second protocol released by FIDO Alliance essentially enhances passwords by requiring users to use a hardware security key in addition, for two-factor authentication (2FA).
The newest standard from FIDO Alliance, considered to be a combination of the previous two, consists of two components:
Combining these two was a big step forward in the FIDO mission to eliminate passwords.
As the technology evolved, and more companies adopted FIDO Authentication solutions, the concept of passkeys emerged.
Passkeys, also based on public and private key cryptography, represent a user’s private key securely stored on a device, enabling seamless logins across ecosystems.
FIDO passkeys are already integrated by major players like Apple, Google and more.
FIDO authentication solves the password problem by enabling the user to sign up to a FIDO-enabled product or service using just their biometric features, such as fingerprint and face recognition, making it super smooth for the user while being ultra secure behind the scenes.
FIDO protocols use a cryptographic approach called asymmetric cryptography, also known as public key cryptography.
When a user registers with a service, the protocol generates a unique pair of keys: one public, stored on the service's server, and one private, securely encrypted on the user’s device. The private key never leaves the device.
When a user logs in to a service, the service sends a request (called a challenge) to the device. The user approves it with their unlock mechanism, and the device signs the challenge with the stored private key so that the service can check the response against the stored public key.
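The registration and login steps described above, as an added example that is not FIDO Alliance code and not the real WebAuthn message format: a simplified Node.js model in which the device keeps the private key, the service keeps only the public key, and each random challenge is accepted once. The class names, the user 'alice' and both origins are constructed for illustration; signing the origin together with the challenge is a simplification of how FIDO scopes a credential to one service.

```javascript
// Added example: simplified FIDO-style registration and login (not the WebAuthn wire format).
const nodeCrypto = require('node:crypto');

// The user's device: generates and keeps one private key per service origin.
class Device {
  constructor() { this.privateKeys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
    this.privateKeys.set(origin, privateKey); // never leaves the device
    return publicKey;                         // only this goes to the service
  }
  // A real authenticator requires the biometric or PIN unlock before signing.
  answer(origin, challenge) {
    const key = this.privateKeys.get(origin);
    if (!key) return null;                    // no key registered for this origin
    return nodeCrypto.sign('sha256', Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

// The service: stores public keys only and issues single-use random challenges.
class Service {
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  challenge(user) {
    const c = nodeCrypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const c = this.pending.get(user);
    this.pending.delete(user);                // a challenge is consumed on first use
    const publicKey = this.publicKeys.get(user);
    if (!c || !publicKey || !signature) return false;
    const signed = Buffer.concat([Buffer.from(this.origin), c]);
    return nodeCrypto.verify('sha256', signed, publicKey, signature);
  }
}

// Constructed scenario: 'alice' and both origins are sample values.
function runDemo() {
  const device = new Device();
  const site = new Service('https://shop.example');
  site.enroll('alice', device.register(site.origin));
  const sig = device.answer(site.origin, site.challenge('alice'));
  const login = site.verify('alice', sig);
  const replaySameChallenge = site.verify('alice', sig); // challenge already consumed
  site.challenge('alice');
  const replayNewChallenge = site.verify('alice', sig);  // old signature, fresh challenge
  const other = device.answer('https://login.example.test', site.challenge('alice'));
  return { login, replaySameChallenge, replayNewChallenge, otherOriginSigned: other !== null };
}
```

A captured signature is useless on a later login because it covers a challenge the service no longer accepts, and a server-side breach exposes only public keys.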
By eliminating passwords, many benefits are unveiled, both for companies and organizations, and for the user. These include improved security such as:
The future of FIDO focuses on broad passwordless adoption. With Apple, Google, and Microsoft integrating the FIDO2 standard into their platforms, the path to eliminating passwords becomes even clearer. Passkeys represent a giant leap forward, providing users with a more secure and convenient way to authenticate across devices while owning their private keys.
FIDO’s approach of combining user experience and security is set to revolutionize online security. Moving forward, we can only expect the FIDO Alliance to become more universal and continue to promote a future free of passwords, with minimal phishing risks and authentication that is both effortless and as secure as possible.
As this transformation takes better shape, FIDO will keep leading the charge toward a more trusted and efficient digital world.
The 2024 Online Authentication Barometer study, conducted by FIDO Alliance, showed a huge increase in awareness and adoption of passkeys: 57% of consumers are now aware of passkeys, up from 39% in 2022. This momentum shows that consumers seek better and easier access.
The study, conducted in 10 countries, found a notable shift towards passwordless and biometric-based authentication. The adoption rate is notably high in China and India with the UK and Japan following behind.
Passwords are still the most common sign-in method, but usage has fallen as users turn to alternatives such as biometrics for better security and user experience.
The report points out that password frustrations were causing cart abandonment, especially in the younger user groups, costing sales and loyalty.
Concerns around online scams and AI-driven threats are on the rise, as more than half of consumers see an increase in suspicious messages and online scams.