FIDO2
FIDO2 is the set of standards from the FIDO Alliance and the W3C that enables phishing-resistant passwordless authentication using public-key credentials, made up of WebAuthn and the CTAP protocol.
FIDO2 is the umbrella for two specifications that together replace passwords with public-key cryptography. WebAuthn, standardized by the W3C, is the browser and platform API that web applications call. The Client to Authenticator Protocol (CTAP), standardized by the FIDO Alliance, is how a device or browser talks to an authenticator such as a phone or a hardware security key.
In a FIDO2 credential, the private key never leaves the authenticator and the website stores only the public key. Authentication is a signed challenge scoped to the site’s origin, which makes it resistant to phishing, credential stuffing, and server-side credential theft.
FIDO2 is the technical foundation beneath passkeys. For CIAM, it is the standards base that lets a platform offer passwordless login that works across modern browsers and devices.
Sources
- FIDO Alliance, FIDO2: https://fidoalliance.org/fido2/
Related terms
Standards
- W3C WebAuthn
- FIDO CTAP2