# FIDO Based
FIDO (Fast Identity Online) is an open standard for passwordless authentication that aims to reduce reliance on passwords and enhance online security. FIDO-based passwordless mechanisms use public-key cryptography to authenticate users without the need for traditional passwords. One of the key components of FIDO is the use of a hardware security key or biometric authentication.
Here's a brief overview of how FIDO-based passwordless mechanisms work:
1. **Registration:**
* During the registration process, the user's device generates a public-private key pair.
* The public key is stored on the server, while the private key remains on the user's device. The private key is typically stored in a secure element, such as a hardware security key or the device's Trusted Platform Module (TPM).
2. **Authentication:**
* When a user attempts to log in, the server sends a challenge to the user's device.
* The device uses the private key to sign the challenge and sends the signed response back to the server.
* The server verifies the signature using the stored public key. If the verification is successful, the user is authenticated.
3. **FIDO Protocols:**
* FIDO supports two main protocols: FIDO U2F (Universal 2nd Factor) and FIDO2.
* Cymmetri supports the FIDO2 protocol for implemeting the passwordless mechanism
* FIDO2 includes WebAuthn (for web applications) for communication between the client (user's device) and the authenticator (e.g., hardware security key).
4. **Passwordless Options:**
* FIDO-based passwordless authentication can be achieved through various methods, including the use of hardware security keys, biometrics (such as fingerprint or facial recognition), or a combination of both.
