Introduction
Explains a simple version of what FIDO2 is.
Last updated
Explains a simple version of what FIDO2 is.
Last updated
FIDO2 is a technology / interface on your Yubikey, which stands for Fast IDentity Online. It is included on ALL models of Yubikey.
It is a standard which enables you to log into applications without using passwords on both desktop and mobile environments. Instead of passwords, FIDO authentication uses registered devices / security keys to validate you.
FIDO2 an extension of , and offers the same level of high-security based on public key cryptography. FIDO2 offers authentication options including single factor , strong two factor (2FA), and multi-factor authentication (MFA).
FIDO2 key features include:
WebAuthn: A standard set of web APIs to allow passwordless authentication in browsers
CTAP2: Specification for the usage of physical keys and mobile authenticator apps to implement 2FA and passwordless authentication
You may be asking "If FIDO2 is passwordless, why am I being asked for a password with services like Microsoft or Google?".
A service might support devices like the Yubikey, however, may not support going completely passwordless. Instead, the website will ask you to enter your username/email and password, and then you will be prompted to insert your Yubikey device as a secondary factor of authentication (2FA). This means that you need your username/email + password + Yubikey device.
Not all services support Passwordless login yet unfortuantely.
At the time of writing this, Microsoft does support going passwordless.