Multifactor authentication from FIDO


Public Key Cryptography

Standard public key cryptography is the basis of the FIDO protocols. When registering to a new service, the user creates a new key pair. This stronger authentication maintains the private key securely on the FIDO Ready device and registers the public key with the chosen online service. Only the user in possession of the FIDO Ready device itself can securely authenticate with it. This can be done in many ways, such as fingerprint, voice, PIN, or pressing a button, among other ways.

FIDO and Privacy

Mention the word biometrics or centralized authentication mechanism and many in the privacy community will show a furrowed brow. Note, however, that FIDO doesn't require the use of biometrics but supports a variety of technologies. These technologies are often assumed to be diametrically opposed to privacy. Not so with the FIDO Alliance. It is important to note that the FIDO protocol comes with privacy baked right in. FIDO protocols don't provide information that can be used to corroborate, uniquely identify, or track a user across multiple services.

With FIDO protocols, biometric information never leaves the device. As with any other standard or industry effort, the involvement of technologists can help drive its future direction. If privacy matters to you, as it does to me, you can work to ensure these standards maintain it.


In late 2013, the FIDO alliance began a certification program, FIDO Ready  [2], for passing its standards testing. At the 2014 CES (Consumer Electronics Show), early implementation by vendors AGNITiO [3], FingerQ [4], Go-Trust [5], Nok Nok Labs [6], and Yubico [7] were highlighted. Note that this technology, various vendor offerings, and the core protocol are still evolving, and deployment isn't seen in as many live implementations today as will be seen in the future. My focus here will be on two current early implementations by Yubico and Nok Nok Labs. With the backing of these large vendors and open standards, the sky is the limit for this future of MFA authentication.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=