FIDO2
What is FIDO2?
An open authentication standard from the FIDO Alliance combining WebAuthn (browser API) and CTAP (authenticator protocol) to enable phishing-resistant, passwordless sign-in.
FIDO2 is the umbrella term for two complementary specifications: WebAuthn, a W3C JavaScript API that lets relying parties create and verify public-key credentials, and Client to Authenticator Protocol (CTAP), which lets browsers talk to roaming authenticators over USB, NFC, or Bluetooth. Each credential is a public-key pair scoped to a single relying-party origin; user presence and verification (touch, biometric, PIN) gate the use of the private key. Because the protocol binds signatures to the origin and uses challenge-response, FIDO2 defeats phishing, replay, and credential stuffing. It supports both second-factor and fully passwordless flows and is the basis for modern passkeys.
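The origin and challenge binding described above is enforced on the relying-party side when it verifies an authentication assertion. The following is an added example in Go, not code from the FIDO Alliance or from any WebAuthn library: it simulates an ES256 authenticator, then runs the relying-party checks (ceremony type, challenge, origin, rpIdHash, user-presence flag, signature counter, ECDSA signature) and shows that an assertion produced under a look-alike origin or replayed against a fresh challenge is rejected. The rpID `example.com`, the origins and the in-process key are constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// collectedClientData mirrors the CollectedClientData the browser serialises
// into clientDataJSON. The browser, not the web page, fills in "origin".
type collectedClientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"` // base64url without padding
	Origin    string `json:"origin"`
}

// Assertion is the authenticator response the relying party receives.
type Assertion struct {
	AuthenticatorData []byte // rpIdHash(32) || flags(1) || signCount(4)
	ClientDataJSON    []byte
	Signature         []byte // ASN.1 DER ECDSA signature (COSE alg ES256)
}

const flagUserPresent byte = 0x01

// authenticatorSign is a constructed stand-in for a hardware authenticator: it
// signs SHA-256(authenticatorData || SHA-256(clientDataJSON)) with the
// credential private key, which never leaves the device in a real deployment.
func authenticatorSign(priv *ecdsa.PrivateKey, rpID string, signCount uint32, clientDataJSON []byte) (Assertion, error) {
	rpIDHash := sha256.Sum256([]byte(rpID))
	authData := append([]byte{}, rpIDHash[:]...)
	authData = append(authData, flagUserPresent)
	var counter [4]byte
	binary.BigEndian.PutUint32(counter[:], signCount)
	authData = append(authData, counter[:]...)
	cdHash := sha256.Sum256(clientDataJSON)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, msg[:])
	if err != nil {
		return Assertion{}, err
	}
	return Assertion{AuthenticatorData: authData, ClientDataJSON: clientDataJSON, Signature: sig}, nil
}

// VerifyAssertion performs the relying-party checks that give FIDO2 its
// phishing and replay resistance. On success it returns the new signature
// counter to store against the credential.
func VerifyAssertion(pub *ecdsa.PublicKey, rpID, expectedOrigin string, expectedChallenge []byte, storedCount uint32, a Assertion) (uint32, error) {
	var cd collectedClientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return 0, fmt.Errorf("clientDataJSON: %w", err)
	}
	if cd.Type != "webauthn.get" {
		return 0, errors.New("wrong ceremony type")
	}
	// Challenge binding: the signature covers the one-time challenge issued
	// for this login, so a captured assertion cannot be replayed later.
	got, err := base64.RawURLEncoding.DecodeString(cd.Challenge)
	if err != nil || !bytes.Equal(got, expectedChallenge) {
		return 0, errors.New("challenge mismatch")
	}
	// Origin binding: the browser records the origin of the page that called
	// the API, so an assertion made on a look-alike site is rejected here.
	if cd.Origin != expectedOrigin {
		return 0, errors.New("origin mismatch")
	}
	if len(a.AuthenticatorData) < 37 {
		return 0, errors.New("authenticatorData too short")
	}
	rpIDHash := sha256.Sum256([]byte(rpID))
	if !bytes.Equal(a.AuthenticatorData[:32], rpIDHash[:]) {
		return 0, errors.New("rpIdHash mismatch")
	}
	if a.AuthenticatorData[32]&flagUserPresent == 0 {
		return 0, errors.New("user presence not asserted")
	}
	count := binary.BigEndian.Uint32(a.AuthenticatorData[33:37])
	if count != 0 && count <= storedCount {
		return 0, errors.New("signature counter did not advance (possible cloned key)")
	}
	cdHash := sha256.Sum256(a.ClientDataJSON)
	msg := sha256.Sum256(append(append([]byte{}, a.AuthenticatorData...), cdHash[:]...))
	if !ecdsa.VerifyASN1(pub, msg[:], a.Signature) {
		return 0, errors.New("signature does not verify")
	}
	return count, nil
}

// Demo registers a credential (key generation) and runs three login attempts:
// an honest one, one stamped with a look-alike origin, and a replay. All
// names and origins are constructed for this example.
func Demo() (honestOK, wrongOriginOK, replayOK bool, err error) {
	const rpID, origin = "example.com", "https://login.example.com"
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	challenge := make([]byte, 32)
	if _, err = rand.Read(challenge); err != nil {
		return
	}
	ch := base64.RawURLEncoding.EncodeToString(challenge)
	cdj, _ := json.Marshal(collectedClientData{Type: "webauthn.get", Challenge: ch, Origin: origin})
	a, err := authenticatorSign(priv, rpID, 1, cdj)
	if err != nil {
		return
	}
	newCount, e := VerifyAssertion(&priv.PublicKey, rpID, origin, challenge, 0, a)
	honestOK = e == nil
	// Same challenge, but the browser would record the look-alike origin.
	cdj2, _ := json.Marshal(collectedClientData{Type: "webauthn.get", Challenge: ch, Origin: "https://login.examp1e.com"})
	a2, _ := authenticatorSign(priv, rpID, 2, cdj2)
	_, e = VerifyAssertion(&priv.PublicKey, rpID, origin, challenge, newCount, a2)
	wrongOriginOK = e == nil
	// Replay of the honest assertion against a fresh server challenge.
	fresh := make([]byte, 32)
	rand.Read(fresh)
	_, e = VerifyAssertion(&priv.PublicKey, rpID, origin, fresh, newCount, a)
	replayOK = e == nil
	return
}

func main() {
	h, w, r, err := Demo()
	fmt.Println("honest:", h, "wrong origin:", w, "replay:", r, "err:", err)
}
```

Running `Demo` prints `honest: true wrong origin: false replay: false`. A production relying party additionally checks the UV flag when user verification was required, parses the COSE public key stored at registration, and looks the credential up by its ID; those steps are omitted here to keep the binding checks in focus.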
● Examples
- 01 Registering a YubiKey 5 as a second factor on a GitHub account.
- 02 Passwordless sign-in to Microsoft Entra ID with Windows Hello as the platform authenticator.
● Frequently asked questions
What is FIDO2?
An open authentication standard from the FIDO Alliance combining WebAuthn (browser API) and CTAP (authenticator protocol) to enable phishing-resistant, passwordless sign-in. It belongs to the Identity & Access category of cybersecurity.
What does FIDO2 mean?
An open authentication standard from the FIDO Alliance combining WebAuthn (browser API) and CTAP (authenticator protocol) to enable phishing-resistant, passwordless sign-in.
How do you defend against FIDO2?
FIDO2 is itself a defensive control rather than a threat; its protection comes from the design described in the full definition above: origin-scoped public-key credentials, challenge-response signatures, and user presence or verification gating use of the private key.
What are other names for FIDO2?
Common alternative names include: FIDO 2.0.