FIDO Authentication

MTRIX GmbH has been a member of the FIDO Alliance since 2014 and regularly moderates discussion events on the topic of FIDO.

What is FIDO?

FIDO (Fast IDentity Online) is an open standard for easy and secure authentication. FIDO specifications and certifications enable an interoperable ecosystem of hardware-, mobile- and biometric-based authenticators which can be used with many apps and websites. For more information, see the FIDO Alliance website. You can find out here how FIDO operates.

FIDO2

The FIDO2 project consists of the W3C Web Authentication specification (WebAuthn) and the related Client-to-Authenticator Protocol (CTAP), which together let users authenticate easily to online services with FIDO devices. FIDO2 is to some extent a further development of the FIDO protocols U2F and UAF.

WebAuthn and CTAP 

WebAuthn defines a standard web API, which can be integrated in browsers and the related web platform infrastructure, to enable the use of FIDO authentication for online services. CTAP gives external devices like mobile phones or FIDO security keys the ability to work together with WebAuthn and to serve as authenticators for desktop applications and web services.
Several major web browsers have already implemented these standards, including Chrome, Firefox and Microsoft Edge. Android and Windows 10 also include integrated support for FIDO authentication.

FIDO U2F (Universal 2nd Factor)

U2F is an open 2-factor authentication standard which enables secure access to any number of web-based services – immediately and without drivers or client software. The U2F specifications were originally developed by Google with participation by Yubico and NXP. Today, the standard is managed under the auspices of the FIDO Alliance (Fast IDentity Online). The Alliance was founded in 2012 with members that included PayPal and Lenovo. Its goal was to develop user-friendly and secure alternatives to passwords.


Besides offering the basic advantages of 2-factor authentication, U2F has the following properties:

  • No shared secrets – Unlike OATH, for example, U2F utilizes public key cryptography and no shared secrets.
  • Anonymous – New public keys for each site
  • User experience – The user should not need to enter any codes or install any drivers
  • Universal – Hardware tokens, fingerprint readers, software tokens, etc. / USB, NFC, BLE / Registration on any number of websites 
  • Open standard 
  • Supported by industry leaders – like Google, PayPal, Microsoft, Bank of America, Mastercard and VISA
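
The properties "No shared secrets" and "Anonymous" from the list above can be shown in a few lines of Node.js. This is an added example, not code from MTRIX or the FIDO Alliance, and it is a simplified model rather than the U2F message format: the class ToyAuthenticator, the functions signedData, verifyAssertion and demo, and the two site identifiers are assumptions made for the illustration.

```javascript
const crypto = require('crypto');
// OATH HOTP (RFC 4226): token and server hold the SAME secret; either copy computes valid codes.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const off = mac[mac.length - 1] & 0x0f; // dynamic truncation
  return String((mac.readUInt32BE(off) & 0x7fffffff) % 10 ** digits).padStart(digits, '0');
}

// Bytes that get signed: hash of the site identifier plus the server challenge.
function signedData(appId, challenge) {
  return Buffer.concat([crypto.createHash('sha256').update(appId).digest(), challenge]);
}

// Hypothetical U2F-style token: a fresh P-256 key pair for every site.
class ToyAuthenticator {
  constructor() { this.keys = new Map(); }
  register(appId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(appId, privateKey); // private key stays on the token
    return publicKey.export({ type: 'spki', format: 'pem' }); // all the site stores
  }
  sign(appId, challenge) {
    const key = this.keys.get(appId);
    if (!key) throw new Error(`no key registered for ${appId}`);
    return crypto.sign('sha256', signedData(appId, challenge), key);
  }
}

// Site side: verification needs only the stored public key.
function verifyAssertion(publicKeyPem, appId, challenge, signature) {
  return crypto.verify('sha256', signedData(appId, challenge), publicKeyPem, signature);
}

// Constructed sample run with two made-up site identifiers.
function demo() {
  const token = new ToyAuthenticator();
  const pubA = token.register('https://a.example');
  const pubB = token.register('https://b.example');
  const challenge = crypto.randomBytes(32);
  const sig = token.sign('https://a.example', challenge);
  return {
    distinctKeys: pubA !== pubB, // nothing links the two registrations
    validAtA: verifyAssertion(pubA, 'https://a.example', challenge, sig),
    validAtB: verifyAssertion(pubB, 'https://b.example', challenge, sig),
  };
}
console.log(demo());
```

With HOTP, a copy of the server's credential store is enough to produce valid codes; in the key-pair model the store holds only public keys, and a signature made for one site does not verify at another.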