The new Fast Identity Online (FIDO) standard reinforces the security of online identity authentication systems on mobile devices and web applications. Its goal is to replace the exclusive use of passwords with more secure biometric authentication mechanisms that are protected by encryption systems.
Created by the world’s leading tech companies, the Fast Identity Online (FIDO) Alliance strives to change the way online authentication takes place, making it more secure and convenient.
Currently, passwords are the most common method for online authentication - a system that creates problems, because passwords must be complex to be secure, and complex passwords are hard to remember. This is even more of an issue considering that users have an average of 90 online accounts, according to the FIDO Alliance.
To improve this situation and make online identity authentication more secure, the FIDO Alliance has created a series of interoperable technical standards that facilitate the creation of secure and fast login experiences on websites and apps. This makes user identification easier through the use of biometric systems like fingerprints or facial recognition, as well as second-factor or multi-factor authentication, which verifies the person's identity through several different mechanisms.
The use of FIDO standards facilitates the secure integration of these authentication alternatives on mobile devices and web browsers. It is based on public key encryption techniques, which provide a more robust and convenient identification method than the use of passwords as the only protection system.
How does it work?
When a user registers on an online service that utilizes the FIDO standard, the system generates a set of cryptographic keys: the private key is kept in the hardware of the device and the public key is saved on the online service. To authenticate a user’s identity, the customer’s device must show the online service that it holds the private key by performing a mathematical verification. The customer’s private key can only be used once the user has unlocked the device locally. They can do so in a secure and simple manner with their fingerprint, voice, or by entering a PIN.
As a result, the user’s privacy and access credentials are protected, and users are not forced to choose between better security and a better user experience - they can have both.
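The registration and authentication steps described under "How does it work?", as an added example that is not FIDO Alliance code and does not follow the WebAuthn wire format. The class names, the PIN check standing in for biometrics, and the origin-plus-challenge message layout are assumptions made for the illustration.

```javascript
// Added illustration: simplified FIDO-style flow using Node's built-in crypto module.
const { generateKeyPairSync, randomBytes, sign, verify } = require('crypto');

// Data that gets signed: service origin plus a one-time challenge (assumed layout).
const signedData = (origin, challenge) => Buffer.concat([Buffer.from(origin), challenge]);

// Stands in for the user's device; private keys stay in private fields.
class Authenticator {
  #pin;
  #keys = new Map(); // origin -> private key
  constructor(pin) { this.#pin = pin; }

  // Registration: new key pair per service, only the public key is returned.
  register(origin) {
    const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#keys.set(origin, privateKey);
    return publicKey;
  }

  // Authentication: the key is usable only after local unlock (PIN stands in for biometrics).
  signChallenge(origin, challenge, pin) {
    if (pin !== this.#pin) throw new Error('local unlock failed');
    const key = this.#keys.get(origin);
    if (!key) throw new Error('no credential for this service');
    return sign('sha256', signedData(origin, challenge), key);
  }
}

// Stands in for the online service; it stores public keys only.
class Service {
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  login(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // each challenge is accepted once, so an old signature fails
    if (!challenge || !publicKey) return false;
    return verify('sha256', signedData(this.origin, challenge), publicKey, signature);
  }
}
```

The service never holds a secret that could be stolen and reused: a database leak exposes public keys only, and a signature captured in transit is useless against the next challenge.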