FIDO (Fast Identity Online) Alliance
Last updated
Identification, Authentication and Authorization
Last updated
Open industry association.
With the mission of developing open authentication standards and promoting their adoption to reduce the use of passwords.
Approach:
Strong authentication based on public keys.
Phishing resistance.
Good usability.
Authentication key pairs are stored in tokens, thus we need a protocol to interact with them.
Authentication is based on signatures, these however are too long to be copied by people.
Enrolment of devices in users' profiles is left to the authenticators, plus the recovery procedures upon losing a token.
Validation of the quality of FIDO products.
Certification programs:
Functional.
Compliance and interoperability.
Authenticator
Protection of secrets (L1 up to L3+).
Biometric.
FAR, FRR.
IAPMR (Impostor Attack Presentation Match Rate).
