LLMpedia: The first transparent, open encyclopedia generated by LLMs

FIDO

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
FIDO
Name: FIDO
Established: 2012
Founder: Yubico, Google, Microsoft
Location: FIDO Alliance

FIDO is an industry-driven set of technical standards for online authentication spearheaded by the FIDO Alliance and adopted across major technology companies to replace password-based logins. It defines protocols and APIs that enable biometric authentication, hardware security modules, public-key cryptography, and multi-factor authentication methods that are interoperable among vendors such as Apple Inc., Google, Microsoft, Samsung Electronics, and Yubico. FIDO work intersects with standards bodies and initiatives including the World Wide Web Consortium, the Internet Engineering Task Force, Trusted Platform Module, the International Organization for Standardization, and leading identity platforms like Okta, Ping Identity, and Auth0.

Overview

FIDO comprises two principal families of specifications, an earlier Universal Authentication Framework and the later Client to Authenticator Protocol, developed to reduce reliance on passwords by using public-key infrastructure, asymmetric cryptography, and user-verifying authenticators. Major stakeholders include Amazon, Facebook, Twitter, Intel, AMD, Nokia, Sony, Visa, Mastercard, Bank of America, Deutsche Bank, and PayPal, reflecting cross-industry support from financial services, consumer electronics, and cloud services. Implementations integrate with platforms such as Android, iOS, Windows 10, macOS, Linux, and web frameworks driven by Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari. The specifications reference cryptographic primitives standardized by the National Institute of Standards and Technology and the Internet Engineering Task Force, and authentication device profiles from the FIDO Alliance.

History

Work began with founding members including Yubico, Google, PayPal, Lenovo, Infineon Technologies, and Microsoft forming the FIDO Alliance in 2012 to address issues highlighted by breaches at Equifax, Yahoo!, and Target. Early milestones include the Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F) specifications, later unified and extended into FIDO2 and the Web Authentication standard in collaboration with the World Wide Web Consortium and the Internet Engineering Task Force. Industry events and conferences such as RSA Conference, Black Hat, DEF CON, and the Gartner Identity & Access Management Summit, along with regulatory discussions with entities like the European Commission and the UK Information Commissioner's Office, influenced adoption. Large deployments and pilot programs were announced by institutions including Google, Microsoft, Dropbox, GitHub, GitLab, and Salesforce.

Technology and Standards

FIDO's technical design centers on asymmetric keypairs generated by authenticators such as hardware security modules, Trusted Platform Modules, dedicated security keys from Yubico, Feitian Technologies, and SoloKeys, platform authenticators in Apple Inc. devices (Touch ID, Face ID), and platform attestation in Android and Windows Hello. Protocols include the Client to Authenticator Protocol (CTAP) and the Web Authentication API (WebAuthn), standardized through collaboration with the World Wide Web Consortium and documented alongside IETF drafts. Cryptographic algorithms referenced include elliptic-curve cryptography, RSA, ECDSA, and hashing from NIST publications. Interoperability testing occurs at events hosted by the FIDO Alliance and partner laboratories such as Underwriters Laboratories and UL LLC. Compliance and certification programs align with standards from ISO/IEC, Common Criteria, and device attestation models used by Google, Microsoft, and major certificate authorities like DigiCert.

Implementations and Products

Notable security key vendors implementing FIDO protocols include Yubico, Feitian Technologies, SoloKeys, and Google with its Titan Security Key, alongside built-in authenticators from Apple Inc. (Touch ID, Face ID), Microsoft (Windows Hello), and Samsung Electronics (Samsung Pass). Cloud and identity providers such as Okta, Ping Identity, Auth0, Azure Active Directory, AWS IAM, Google Cloud Identity, OneLogin, CyberArk, Duo Security, and RSA Security offer FIDO-based integrations. Enterprise software platforms including GitHub, GitLab, Atlassian, Slack Technologies, Dropbox, Box Inc., Salesforce, Workday, and ServiceNow have rolled out support. Financial services deployments include Bank of America, HSBC, Barclays, Deutsche Bank, Visa, and Mastercard leveraging FIDO authentication for online banking and payments. Hardware and endpoint management vendors like Dell Technologies, HP Inc., Lenovo, VMware, and Citrix Systems provide enterprise tooling for FIDO key provisioning.

Security and Privacy Considerations

FIDO reduces phishing risk by binding credentials to origin-aware channels in web browsers and platform authenticators, mitigating attacks that affected services like LinkedIn and Adobe Systems during historical breaches. Security considerations involve secure enclave and enclave-like protections from vendors such as Apple Inc., Intel, AMD, and ARM Holdings; attestation and key management models reference guidance from NIST and ENISA. Privacy-focused features include relying-party identifiers and resident keys to limit tracking by parties including Google and Facebook. Threat models addressed include device theft, man-in-the-middle attacks, and supply-chain risks highlighted by incidents involving Supermicro and firmware compromise cases scrutinized at Black Hat briefings. Certification, revocation, and recovery workflows intersect with legal and regulatory frameworks from European Commission directives and national data protection authorities.
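
The keypair model under Technology and Standards and the origin binding described above come together in the checks a relying party runs on a WebAuthn assertion. The following is an added example, not code from the FIDO specifications or any vendor; `makeAssertion`, `verifyAssertion`, the result strings and the example.com names are assumptions, and the authenticator is a constructed stand-in.

```javascript
const crypto = require('crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Constructed stand-in for an authenticator (not a real CTAP device): it signs
// authenticatorData || SHA-256(clientDataJSON) with the credential private key.
function makeAssertion(privateKey, rpId, origin, challenge, signCount) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(signCount);
  // authenticatorData: rpIdHash (32 bytes) | flags (1) | signCount (4); 0x05 = UP|UV
  const authData = Buffer.concat([sha256(Buffer.from(rpId)), Buffer.from([0x05]), counter]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Relying-party side: returns 'ok' or the name of the first check that failed.
function verifyAssertion(a, exp) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  const got = Buffer.from(String(client.challenge), 'base64url');
  if (got.length !== exp.challenge.length || !crypto.timingSafeEqual(got, exp.challenge))
    return 'bad-challenge';
  if (client.origin !== exp.origin) return 'bad-origin';      // origin binding
  if (a.authData.length < 37) return 'short-authdata';
  if (!a.authData.subarray(0, 32).equals(sha256(Buffer.from(exp.rpId)))) return 'bad-rpid-hash';
  if ((a.authData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  if (!crypto.verify('sha256', signed, exp.publicKey, a.signature)) return 'bad-signature';
  const count = a.authData.readUInt32BE(33);
  if ((count !== 0 || exp.storedSignCount !== 0) && count <= exp.storedSignCount)
    return 'counter-regression';                               // possible cloned key
  return 'ok';
}

// Constructed demo; example.com and the look-alike origin are placeholder names.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = crypto.randomBytes(32);
  const exp = { rpId: 'example.com', origin: 'https://example.com',
                challenge, publicKey, storedSignCount: 6 };
  const good = makeAssertion(privateKey, exp.rpId, exp.origin, challenge, 7);
  const lookalike = makeAssertion(privateKey, exp.rpId, 'https://examp1e.com', challenge, 8);
  // Swapping in clean client data after signing breaks the signature instead.
  const swapped = { ...lookalike, clientDataJSON: good.clientDataJSON };
  return [good, lookalike, swapped].map((a) => verifyAssertion(a, exp));
}

console.log(demo());
```

Because the signature covers the hash of the client data, the origin recorded by the browser cannot be rewritten after signing, which is why the third case fails on the signature rather than on the origin.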

Adoption and Impact

Adoption accelerated after major platform support announcements from Google, Microsoft, and Apple Inc., with enterprise uptake by Fortune 500 firms and public-sector pilots in jurisdictions like the United Kingdom, the European Union, the United States, Australia, and Japan. FIDO has influenced passwordless strategies in products from Amazon, Facebook, Twitter, Microsoft, and Google, and fostered an ecosystem of hardware vendors, identity providers, and certificate authorities including DigiCert, Entrust, and Let’s Encrypt. Industry analysis by firms such as Gartner, Forrester Research, and IDC cites FIDO as a key enabler of reduced account takeover rates and lower support costs for customer identity and access management in sectors like financial services, healthcare systems, and e-commerce.

Category:Authentication standards