FIDO Based

FIDO (Fast Identity Online) is an open standard for passwordless authentication that aims to reduce reliance on passwords and enhance online security. FIDO-based passwordless mechanisms use public-key cryptography to authenticate users without the need for traditional passwords. One of the key components of FIDO is the use of a hardware security key or biometric authentication.

Here's a brief overview of how FIDO-based passwordless mechanisms work:

1. Registration:

   • During the registration process, the user's device generates a public-private key pair.

   • The public key is stored on the server, while the private key remains on the user's device. The private key is typically stored in a secure element, such as a hardware security key or the device's Trusted Platform Module (TPM).

2. Authentication:

   • When a user attempts to log in, the server sends a challenge to the user's device.

   • The device uses the private key to sign the challenge and sends the signed response back to the server.

   • The server verifies the signature using the stored public key. If the verification is successful, the user is authenticated.

3. FIDO Protocols:

   • FIDO supports two main protocols: FIDO U2F (Universal 2nd Factor) and FIDO2.

   • Cymmetri supports the FIDO2 protocol for implemeting the passwordless mechanism

   • FIDO2 includes WebAuthn (for web applications) for communication between the client (user's device) and the authenticator (e.g., hardware security key).

4. Passwordless Options:

   • FIDO-based passwordless authentication can be achieved through various methods, including the use of hardware security keys, biometrics (such as fingerprint or facial recognition), or a combination of both.