FIDO Security Key
What is FIDO Security Key?
FIDO Security Key: A hardware authenticator that uses the FIDO U2F or FIDO2/WebAuthn standards to perform phishing-resistant, public-key-based authentication to web and enterprise services.
A FIDO security key is a small USB, NFC or Bluetooth device that holds private keys in tamper-resistant hardware and signs authentication challenges from a relying party. The FIDO Alliance defines the underlying protocols: U2F as a second factor, and FIDO2 (CTAP2 plus WebAuthn) as both a second factor and a fully passwordless credential, including passkeys. Because the signature binds to the origin of the requesting site, FIDO keys defeat real-time phishing and AiTM proxy attacks that bypass OTP. Major vendors include Yubico, Google (Titan), Nitrokey, Feitian and SoloKeys, and the keys are deployed across Microsoft, Google, GitHub, AWS and government identity systems.
● Examples
- 01 Registering a YubiKey 5 as the WebAuthn authenticator for a GitHub or Microsoft Entra account.
- 02 Issuing FIDO2 keys to administrators to enforce phishing-resistant MFA on cloud consoles.
● Frequently asked questions
What is FIDO Security Key?
A hardware authenticator that uses the FIDO U2F or FIDO2/WebAuthn standards to perform phishing-resistant, public-key-based authentication to web and enterprise services. It belongs to the Cryptography category of cybersecurity.
How does FIDO Security Key work?
A FIDO security key is a small USB, NFC or Bluetooth device that holds private keys in tamper-resistant hardware and signs authentication challenges from a relying party. The FIDO Alliance defines the underlying protocols: U2F as a second factor, and FIDO2 (CTAP2 plus WebAuthn) as both a second factor and a fully passwordless credential, including passkeys. Because the signature binds to the origin of the requesting site, FIDO keys defeat real-time phishing and AiTM proxy attacks that bypass OTP. Major vendors include Yubico, Google (Titan), Nitrokey, Feitian and SoloKeys, and the keys are deployed across Microsoft, Google, GitHub, AWS and government identity systems.
How do you defend against FIDO Security Key?
Defences for FIDO Security Key typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for FIDO Security Key?
Common alternative names include: FIDO2 key, Security key, Hardware authenticator.
● Related terms
- WebAuthn (identity-access, № 1230): A W3C standard JavaScript API that allows web applications to register and authenticate users with public-key credentials stored on platform or roaming authenticators.
- Passkey (identity-access, № 793): A phishing-resistant FIDO2/WebAuthn credential — a device-bound or syncable asymmetric key pair that replaces passwords with a cryptographic challenge-response.
- Multi-Factor Authentication (MFA) (identity-access, № 708): An authentication method that requires two or more independent factors — typically from different categories — before granting access.
- Nitrokey (cryptography, № 739): An open-source security key from German vendor Nitrokey GmbH that provides FIDO2, OpenPGP, X.509 smart-card and OTP functionality in a USB token.
- Smart Card (cryptography, № 1054): A credit-card-sized device with an embedded secure microcontroller that stores credentials and performs cryptographic operations, defined by ISO/IEC 7816 for contact cards.
- Phishing (attacks, № 821): A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.