Brief Analysis of FIDO Protocol and how it Works

by Mark Bradley

FIDO stands for Fast IDentity Online, but the word itself comes from the Latin fido, "I trust". It is also a familiar dog's name, popularised when Abraham Lincoln gave it to his own dog, and it has stuck as a name for man's loyal friend ever since. That makes it a fitting name for an authentication standard, where trust is the key element. The FIDO Alliance that maintains the protocols was formed in 2012 and has since been backed by large technology and finance companies, among them Lenovo and Google.

Pain Point

Built on public-key cryptography, FIDO is a set of open authentication protocols (UAF, U2F and, more recently, FIDO2 with WebAuthn and CTAP) that work with a range of authenticators, from USB security keys to the fingerprint readers built into phones and laptops, as a stronger replacement for passwords and one-time passwords.

Since its arrival on the scene, FIDO has become the go-to authentication standard for many companies.

Here is why.

Why Companies Choose FIDO

The FIDO protocols use standard public-key cryptography to offer stronger, phishing-resistant authentication.

When registering with an online service, the client device creates a new key pair. It retains the private key and registers the public key with the online service.

During authentication the client device proves possession of the private key to the service by signing a challenge the service issued.

The private key can only be used after the user has unlocked the authenticator. The unlock is usually a simple, user-friendly action: swiping a finger, speaking into the microphone, entering a PIN, inserting a second-factor device, or pressing a button.

FIDO protocols were designed from the ground up to protect the user's privacy. They provide no information that online services could use to collaborate and track a user across services: each key pair is unique to one service and one account.

If biometrics are used, the biometric data never leaves the user's device.

The Process of FIDO Registration

  • The user is prompted to choose an available FIDO authenticator that matches the online service's acceptance policy.
  • The user unlocks the authenticator, for example with a fingerprint reader, a button press or a PIN.
  • The authenticator creates a new public/private key pair unique to the device, the service and the user's account.
  • The public key is sent to the service and associated with the user's account.
  • The private key, and any biometric data, stay on the user's device and are never sent to the service.

Logging in to FIDO

The online service challenges the user to log in with a previously registered device that matches the service's acceptance policy.

The user unlocks the FIDO authenticator using the same method used during registration.

The device uses the account identifier supplied by the service to select the correct key and signs the service's challenge.

Finally, the client device sends the signed challenge back to the service, which verifies it with the stored public key.
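The registration and login steps above, as a worked example added here (not code from the original article or from the FIDO Alliance): a toy authenticator and relying party in Go, using P-256 ECDSA from the standard library. It is a simplified model rather than a FIDO/WebAuthn implementation: the signed message is SHA-256(rpID) || SHA-256(challenge) in place of WebAuthn's authenticatorData || clientDataHash, there is no attestation, origin check or signature counter, and the type, function and account names (Authenticator, RelyingParty, Scenario, example.com, evil.example, alice) are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator stands in for a security key or phone; its private keys never leave it.
type Authenticator struct {
	priv     map[string]*ecdsa.PrivateKey // credential ID -> private key
	rpOfCred map[string]string           // credential ID -> RP ID the key is bound to
	unlocked bool                        // user gesture done (PIN, fingerprint, button)
}

// Assertion is the login response; Signature covers SHA-256(rpID) || SHA-256(challenge).
type Assertion struct {
	CredID, Challenge string
	Signature         []byte
}

func digest(rpID, challenge string) []byte {
	rp, ch := sha256.Sum256([]byte(rpID)), sha256.Sum256([]byte(challenge))
	d := sha256.Sum256(append(rp[:], ch[:]...))
	return d[:]
}

// Register (needs unlock) makes a fresh P-256 key pair for rpID; only the credential ID and public half leave.
func (a *Authenticator) Register(rpID string) (string, *ecdsa.PublicKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if !a.unlocked || err != nil {
		panic(fmt.Sprintf("locked, or keygen failed: %v", err))
	}
	id := fmt.Sprintf("cred-%d", len(a.priv)+1)
	a.priv[id], a.rpOfCred[id] = key, rpID
	return id, &key.PublicKey
}

// Sign selects the key by credential ID and refuses if it was registered for another RP ID.
func (a *Authenticator) Sign(rpID, credID, challenge string) (*Assertion, error) {
	key, ok := a.priv[credID]
	if !a.unlocked || !ok || a.rpOfCred[credID] != rpID {
		return nil, fmt.Errorf("no usable credential for %q", rpID)
	}
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(rpID, challenge))
	return &Assertion{credID, challenge, sig}, err
}

// RelyingParty is the online service: public keys per account, one pending challenge per account.
type RelyingParty struct {
	ID      string
	pubs    map[string]map[string]*ecdsa.PublicKey // account -> credential ID -> public key
	pending map[string]string                      // account -> outstanding challenge
}

func (rp *RelyingParty) Challenge(account string) string {
	b := make([]byte, 32)
	rand.Read(b)
	rp.pending[account] = fmt.Sprintf("%x", b) // fresh nonce, valid for one login
	return rp.pending[account]
}

// Verify checks: known credential, fresh challenge, valid signature under the stored key over this RP's ID.
func (rp *RelyingParty) Verify(account string, as *Assertion) error {
	pub, ok := rp.pubs[account][as.CredID]
	want, fresh := rp.pending[account]
	delete(rp.pending, account) // single use: consumed even if the login fails
	switch {
	case !ok:
		return fmt.Errorf("unknown credential for %s", account)
	case !fresh || as.Challenge != want:
		return fmt.Errorf("challenge missing, stale or replayed")
	case !ecdsa.VerifyASN1(pub, digest(rp.ID, as.Challenge), as.Signature):
		return fmt.Errorf("bad signature")
	}
	return nil
}

// Scenario: registration, a real login, a replay of the same assertion, a phishing attempt; nil = accepted.
func Scenario() (loginErr, replayErr, phishErr error) {
	rp := &RelyingParty{ID: "example.com",
		pubs: map[string]map[string]*ecdsa.PublicKey{}, pending: map[string]string{}}
	auth := &Authenticator{priv: map[string]*ecdsa.PrivateKey{}, rpOfCred: map[string]string{}}
	auth.unlocked = true // the user touched the key or entered the PIN
	credID, pub := auth.Register(rp.ID)
	rp.pubs["alice"] = map[string]*ecdsa.PublicKey{credID: pub} // only the public key reaches the service
	as, err := auth.Sign(rp.ID, credID, rp.Challenge("alice"))
	if err != nil {
		return err, err, err
	}
	loginErr = rp.Verify("alice", as)
	replayErr = rp.Verify("alice", as) // same assertion again: challenge already consumed
	// A page on evil.example can only ask the browser for RP ID evil.example.
	_, phishErr = auth.Sign("evil.example", credID, rp.Challenge("alice"))
	return
}
func main() { fmt.Println(Scenario()) }
```

Run it with go run: the real login returns nil, the replayed assertion fails because the challenge was consumed on first use, and the look-alike site gets no signature at all because the key is scoped to the RP ID it was registered for and that RP ID is part of what is signed. In a real browser the origin the page is served from determines which RP ID it may request, which is what turns this scoping into phishing resistance.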

Final Thoughts

Thinking of adopting FIDO for your firm's authentication? FIDO credentials are unique to each website: the key pair is bound to the service it was registered with, and the authenticator will not use it for a look-alike site. That is why the security model largely eliminates the risk of phishing.
