Term of the Moment
DynaTAC
Redirected from: Fast ID
Definition: FIDO
(1) For email, see FidoNet.
(2) (Fast IDentity Online) A technology from the FIDO Alliance that authenticates a user logging into a website or online service. Introduced in 2013, FIDO is called a "passwordless" system. Instead of username and password, FIDO users sign in with a "passkey," and the same passkey can be used all the time. This is exactly the opposite of the "never use same password" advice.
This Is Me and I can Prove It
The passkey may be a simple numeric PIN or a biometric such as a fingerprint, or both may be used, However, passkeys only begin the process. The passkey identifies the user but the digital signature authenticates the user (see below). See password.
FIDO Uses Private/Public Key Pairs
Following the diagram above, when users open an account online, their device generates a public/private key pair, and the public key is sent to the website. Private keys are never transmitted to, or stored on, the website server. At login, after the passkey authentication identifies the user, the website sends the client a random string of data to serve as a challenge.
Internal and External Authenticators
There Is Major Support
Influential companies are adding FIDO support to their logins, but a totally passwordless future will take time to implement. Having private keys means backing them up, especially if external authenticators are used. Most importantly, most all major websites must support FIDO to make it truly worthwhile. For protocol details, see FIDO protocols. See password manager.
(2) (Fast IDentity Online) A technology from the FIDO Alliance that authenticates a user logging into a website or online service. Introduced in 2013, FIDO is called a "passwordless" system. Instead of username and password, FIDO users sign in with a "passkey," and the same passkey can be used all the time. This is exactly the opposite of the "never use same password" advice.
This Is Me and I can Prove It
The passkey may be a simple numeric PIN or a biometric such as a fingerprint, or both may be used, However, passkeys only begin the process. The passkey identifies the user but the digital signature authenticates the user (see below). See password.
FIDO Uses Private/Public Key Pairs
Following the diagram above, when users open an account online, their device generates a public/private key pair, and the public key is sent to the website. Private keys are never transmitted to, or stored on, the website server. At login, after the passkey authentication identifies the user, the website sends the client a random string of data to serve as a challenge.
FIDO authenticators generate the keys and handle the login process thereafter. The keys are stored in the devices security chip. If an external authenticator is used such as the USB and smart card examples above, users can log in on any computer. (Images courtesy of Yubico and CRYPTNOX SA.)
There Is Major Support
Influential companies are adding FIDO support to their logins, but a totally passwordless future will take time to implement. Having private keys means backing them up, especially if external authenticators are used. Most importantly, most all major websites must support FIDO to make it truly worthwhile. For protocol details, see FIDO protocols. See password manager.