The industry’s road to passwordless
The FIDO Alliance launched in February of 2013 with the aim of allowing users the option to replace passwords. With most sites using only one factor of authentication, the idea is to switch the default authentication to something more secure than passwords while providing all the interconnection needed in today’s world.
Major industry players have been adopting FIDO authentication at a rapid rate.
- 2014 – Yubico popularizes hardware FIDO keys.
- 2017 – Facebook enables FIDO for account protection.
- 2019 – Google rolls FIDO2 into Android; Microsoft adds it to Windows Hello
- 2021 – Amazon distributes free FIDO security keys to AWS customers
Today, FIDO2 authentication comes in two general forms: simple possession, and possession with biometric authentication. With simple possession, at authentication, the user presents the token by plugging it in via USB, bringing it near a computer or tapping it near a designated antenna.
Possession with biometric authentication generally happens with a user’s laptop. The user registers their biometrics on their laptop (something they possess). At authentication time, the authenticator is unlocked via biometric authentication. Once this is complete, the FIDO2 authentication proceeds.