How We Secure: Authentication Methods
Fast IDentity Online (FIDO)
SurePassID Universal MFA is a certified universal server for FIDO UAF, U2F, and FIDO2 authentication.
Compliant, passwordless MFA that supports biometric authentication
Based on open standards from the FIDO Alliance, Fast IDentity Online (FIDO) UAF, U2F, and FIDO2 authentication enables password-only logins to be replaced with secure and fast login experiences across websites and apps.
Universal Second Factor (U2F) – User inserts a U2F universal serial bus (USB) token into any port. Then the user presses the U2F token button to authenticate whenever logging in to a U2F or FIDO2-enabled website or app.
Universal Authentication Framework (U2F) – User chooses a biometric authentication method for their device and uses it to authenticate whenever logging in to a UAF or FIDO2-enabled website or app.
FIDO2 – User chooses a biometric or FIDO Security Key authentication method and uses it to authenticate to any FIDO2-enabled website or app.
Advantages
Disadvantages
- Eliminates the hassle of entering One Time Passwords
- Users can easily self-provision
- Can be free to download and use, if using a FIDO mobile app
- Can leverage built-in biometric authentication on mobile devices
- Almost all mobile devices now have built-in FIDO support
- Enables secure recovery and reprovisioning
- Open standards-based (FIDO UAF, U2F, FIDO2)
- Can work offline
- Extremely strong protection – FIDO authenticators are not vulnerable to interception, redirection, phishing, man-in-the-middle, session hijacking, or malware attacks
- Added cost, if issuing FIDO Secret Keys (USB tokens, cards, etc.)
- Can be lost, if issuing FIDO Secret Keys (USB tokens, cards, etc.) or using a FIDO mobile app on an issued phone or BYOD
- FIDO USB hardware tokens can cause undue wear on USB ports
