FIDO Alliance


The FIDO Alliance is an open industry association launched in February 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. FIDO addresses the lack of interoperability among strong authentication devices and reduces the problems users face creating and remembering multiple usernames and passwords.

Overview

FIDO supports a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules, USB security tokens, embedded Secure Elements, smart cards, and near field communication. The USB security token device may be used to authenticate using a simple password or by pressing a button. The specifications emphasize a device-centric model. Authentication over the wire happens using public-key cryptography. The user's device registers the user to a server by registering a public key. To authenticate the user, the device signs a challenge from the server using the private key that it holds. The keys on the device are unlocked by a local user gesture such as a biometric or pressing a button.
FIDO provides two types of user experiences depending on which protocol is used. Both protocols define a common interface at the client for whatever local authentication method the user exercises.

Members

FIDO was founded by Agnitio, Infineon, Lenovo, Nok Nok Labs, PayPal and Validity Sensors. By the end of September 2016, FIDO members totaled more than 260, including a board made up of Aetna, Alibaba Group, Amazon, American Express, ARM, Bank of America, BC Card, Broadcom, CrucialTec, Daon, Egis Technology, Feitian, Gemalto, Google, HYPR, Infineon, Intel, ING, Lenovo, MasterCard, Microsoft, Nok Nok Labs, NTT DoCoMo, NXP Semiconductors, Oberthur Technologies, PayPal, Qualcomm, RSA, Samsung Electronics, Synaptics, USAA, Visa, VMware, OneSpan, Yubico and Apple Inc representatives. A full list of members is available on the official website.

Specifications

The following open specifications may be obtained from the FIDO web site.
The U2F 1.0 Proposed Standard was the starting point for a short-lived specification known as the FIDO 2.0 Proposed Standard. The latter was formally submitted to the World Wide Web Consortium on November 12, 2015. Subsequently, the first Working Draft of the W3C Web Authentication standard was published on May 31, 2016. The WebAuthn standard has been revised numerous times since then, becoming a W3C Recommendation on March 4, 2019.
Meanwhile the U2F 1.2 Proposed Standard became the starting point for the Client to Authenticator Protocol 2.0 Proposed Standard, which was published on September 27, 2017. FIDO CTAP 2.0 complements W3C WebAuthn, both of which are in scope for the FIDO2 Project.

Milestones