
FIDO ecosystem

■ Limitations of the "password authentication method"

・The cause of information leakage is the loss or theft of credentials (authentication information).
・The problems with passwords are leakage from servers and communication paths, theft through phishing, and the inconvenience of entering them on mobile devices. The biggest problem is that there are too many passwords to remember. (The result is password reuse, and withdrawal from or suspension of services.)

■ FIDO (Fast IDentity Online) authentication concept


- FIDO is a standard for authentication established to replace password authentication, aiming to be an industry standard for security in the way "SSL" is.
- Standardization is based on standards that are not limited to specific manufacturers. (The FIDO Alliance conducts interoperability tests of "FIDO Server", "FIDO Client", and "Authenticator" to certify products. As a result, each vendor is able to implement according to the FIDO specifications.)
- "Local authentication on the mobile device" and "authentication of the device to the server" are separated, and a common key (shared credential) method such as a password is not used for server authentication. Authentication is performed by public key cryptography.
- Authentication information can be stored in the secure storage area of the terminal, and biometric authentication information is not saved on the server.

■ FIDO specifications

- The FIDO Alliance initially had two specifications. One is the "UAF (Universal Authentication Framework) method", which does not use passwords, and the other is the "U2F (Universal Second Factor) method", in which the user touches a security device in addition to password authentication. After that, the FIDO Alliance provided the Web API specifications to the W3C, which standardizes Web browsers, and the standardization of Web authentication (FIDO2) was completed.


■ Passwordless authentication realized by YubiKey and "FIDO2"

  • Improvement of "usability"

  • Public key cryptography based "strong security"

  • One key can be used for multiple service accounts

The FIDO2 authentication specification is an open standard for authentication that includes the W3C's "WebAuthn API" and "CTAP (Client to Authenticator Protocol)". FIDO2 with Yubico's Security Key offers three solutions: single factor (passwordless), second factor (same as U2F, two-step authentication), and multi-factor (single factor plus a second element such as a PIN). Authentication based on secure hardware can prevent the theft and hijacking of authentication information (credentials), which makes it effective as a countermeasure against phishing, man-in-the-middle attacks, and server attacks.
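The FIDO concept above (local authentication on the device, public-key authentication to the server, nothing secret stored on the server) and the phishing resistance described here can be seen in a small Node.js model. This is an added example, not YubiOn or FIDO Alliance code and not the real WebAuthn/CTAP message format; the class names, origins, user name and PIN are constructed for illustration.

```javascript
// Added illustration (simplified model, not the WebAuthn/CTAP wire format); all values constructed.
const crypto = require('crypto');
// Signed data: SHA-256 of the origin followed by the server's random challenge.
const signedData = (origin, challenge) =>
  Buffer.concat([crypto.createHash('sha256').update(origin).digest(), challenge]);

class Authenticator {
  // The PIN (local authentication) and the private keys never leave the device.
  constructor(pin) { this.pin = pin; this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this is sent out
  }
  sign(origin, challenge, pinInput) {
    const key = this.keys.get(origin);
    if (pinInput !== this.pin || !key) return null; // local check failed or unknown origin
    return crypto.sign('sha256', signedData(origin, challenge), key);
  }
}

class Server {
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, pem) { this.publicKeys.set(user, pem); } // no password, no biometric data
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user), pem = this.publicKeys.get(user);
    this.pending.delete(user); // each challenge is single use
    if (!challenge || !pem || !signature) return false;
    return crypto.verify('sha256', signedData(this.origin, challenge), pem, signature);
  }
}

function demo() {
  const site = new Server('https://login.example'), device = new Authenticator('1234');
  site.enroll('alice', device.register(site.origin));
  const login = (origin, pin) => device.sign(origin, site.newChallenge('alice'), pin);
  const goodSig = login(site.origin, '1234');
  const ok = site.verify('alice', goodSig);
  site.newChallenge('alice'); // fresh challenge: the old signature must not verify
  const replay = site.verify('alice', goodSig);
  const wrongPin = site.verify('alice', login(site.origin, '0000'));
  const lookalike = site.verify('alice', login('https://login.examp1e.test', '1234'));
  return { ok, replay, wrongPin, lookalike };
}
```

Calling `demo()` returns `ok: true` for the genuine login and `false` for the replayed signature, the wrong PIN and the look-alike origin; the server's only stored value per user is a public key.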


FIDO-compliant YubiOn products

Authentication Services

YubiOn FIDO2® Server

We provide FIDO2 authentication infrastructure to enable MFA with FIDO in your service. You can choose either a cloud or an on-premise type of authentication infrastructure.

Endpoint Security

YubiOn FIDO Logon

A cloud service that provides multi-factor authentication using the FIDO2 protocol for PC terminal logon, with convenient features such as integrated management via a web management console and remote control functions.
