Introduction

Explains a simple version of what FIDO2 is.

FIDO2 is a technology / interface on your Yubikey, which stands for Fast IDentity Online. It is included on ALL models of Yubikey.

It is a standard which enables you to log into applications without using passwords on both desktop and mobile environments. Instead of passwords, FIDO authentication uses registered devices / security keys to validate you.

FIDO2 an extension of FIDO U2F, and offers the same level of high-security based on public key cryptography. FIDO2 offers authentication options including single factor (passwordless), strong two factor (2FA), and multi-factor authentication (MFA).

FIDO2 key features include:

WebAuthn: A standard set of web APIs to allow passwordless authentication in browsers
CTAP2: Specification for the usage of physical keys and mobile authenticator apps to implement 2FA and passwordless authentication

You may be asking "If FIDO2 is passwordless, why am I being asked for a password with services like Microsoft or Google?".

A service might support devices like the Yubikey, however, may not support going completely passwordless. Instead, the website will ask you to enter your username/email and password, and then you will be prompted to insert your Yubikey device as a secondary factor of authentication (2FA). This means that you need your username/email + password + Yubikey device.

Not all services support Passwordless login yet unfortuantely.

At the time of writing this, Microsoft does support going passwordless. You can read about how to set this up here.

Last updated 1 year ago