Whether on websites or portals, logging in with a username and password is neither up-to-date nor secure for a variety of reasons. With the increase in digitalization, we are all facing the same problem: how to manage all access data to online services efficiently and securely, taking into account the most important security requirements? Passwordless authentication with FIDO 2.0 provides the solution.
Countless online services lead to countless passwords – the initial situation
The constant increase in digitalization leads to the use of countless online services. Very active internet users may have to manage over 100 different passwords. Even when unique and robust passwords are used (see also “Generating passwords for digital identity security”) and stored in a password manager, maintaining them still poses real security risks.
Passwordless authentication promises to increase security and user-friendliness at the same time. Instead of a password, cryptographic keys are used, which are generated and stored on hardware tokens or platform security chips. This reduces the interaction and administration effort for the end user.
FIDO 2.0 as a passwordless solution
The FIDO2 security standard is a two-factor (2FA) solution built on security keys (FIDO2 keys) and authentication tokens. Thanks to the integration of the W3C WebAuthn standard, this process allows not only encrypted and anonymous connections, but also connections without passwords.
With FIDO2, a passwordless solution for web authentication is achieved without reducing security. Based on the free and open standards of the Fast Identity Online Alliance and the World Wide Web Consortium (W3C), it enables a 2FA solution that replaces password-only login with secure and fast login experiences on websites and apps. In addition, FIDO2 authentication can also be used as a standalone solution and thus be used “passwordless”.
After FIDO Universal Second Factor (FIDO U2F) and FIDO Universal Authentication Framework (FIDO UAF), FIDO2 is already the third standard to emerge from the work of the alliance.
How does FIDO2 work?
FIDO2 users are authorized to access a desired service using a device they trust. FIDO2 uses CTAP (Client to Authenticator Protocol), which enables browsers and platforms to communicate securely with the authenticator, whether via USB, NFC or Bluetooth. The standard uses asymmetric “public/private key” cryptography, in which a key pair is used to guarantee secure authentication.
The procedure for configuring a secure communication path between the client and the respective web services is as follows:
- The user registers with the online service and generates a new key pair on the device used, consisting of a private key and a public FIDO2 key.
- While the private key is stored only on the device on the client side, the public key is registered in the key database of the web service.
- Subsequent authentications are then only possible by proving possession of the private key, which must always be unlocked by a user action.
What advantages does FIDO2 offer?
Thanks to the cryptography used, FIDO2 is considered to be very secure and more reliable than password-based authentication methods. FIDO 2.0 technology offers the following advantages:
- Increased security thanks to strong authentication factors with biometric authentication
- User-friendliness & convenient authentication for the end user with single sign-on
- Login data remains on the user device
- Works with conventional devices
- Resistance to phishing attacks
- Reduced security costs, no more password management required and time savings for the IT department
- As an open standard, the process can be easily implemented in your own products
FIDO2: The ideal authentication procedure, without a password
In conclusion, the FIDO2 standard enables a simple and secure login process for web services without a password. FIDO2 is supported by almost all common browsers and web applications and eliminates password-based authentication. Web services can integrate the authentication process securely with comparatively little effort, as implementing the standard is relatively simple.
The promise of passwordless authentication is to increase security and user-friendliness at the same time. Find out more in the new white paper.
Do you have any questions about FIDO 2.0?
Would you like to simplify login procedures in your company? At United Security Providers, we offer a broad portfolio of authentication solutions to help you increase IT security in your company. Get in touch with us today and find out more about the benefits of United Security Providers as a cyber security specialist from Switzerland.