The Official FIDO Authentication Guide

The Official FIDO-Certified Two-Factor Authentication Guide

This FIDO Authentication Guide will give you the information you need to determine if FIDO Authentication is something you want to try or something you really need. It is intended for people who haven’t heard about or are not familiar with the new FIDO Authentication standard that is gaining traction around the world due to its simplicity, strength and user convenience. Let’s get started.

What is FIDO Certified Two-Factor Authentication?

FIDO is an authentication standard from the FIDO Alliance, engineered for open, private, secure and easy-to-implement security. As one of the first FIDO certified partners, SurePassID contributed to the initial standard specifications.

FIDO is the largest “Ecosystem for standards-based, interoperable authentication.” Their mission is to provide “simpler, stronger” security while altering the nature of online authentication. They do so by implementing 3 key things:

  1. Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords to authenticate users.
  2. Establishing and operating industry programs so that FIDO Specifications are used worldwide.
  3. Providing technical Specification(s) to recognized standards development organization(s) for formal standardization.

Benefits of FIDO:

  • Stronger transaction/account security across many channels
  • Enhanced user experience
  • Reduced risk of fraud
  • Increased return on investment in authentication
  • The ability to eliminate passwords altogether

Do You Need FIDO Certified Two-Factor Authentication?

As of 2014, 47% of American adults reported their personal information stolen by cyber criminals, largely related to data breaches at large companies.

Big and small companies are trusted to protect customer information but passwords and usernames don’t cut it anymore, not with cybercrime at an all-time high. Without another form of security, aka multi-factor authentication, it is so easy for cyber criminals to hack into your system and steal customer data.

According to the 5th Annual Mobile Payments and Fraud 2017 Study, 44% of vendors report the most damaging aspect of a data breach is a loss of consumer trust due to the perception they have weak security.

Building a great brand is all about building customer trust but trust is shattered following a data breach. SurePassID offers an affordable and easy way to implement FIDO certified two-factor authentication to protect your customers and your reputation. Learn more by visiting

Did you know…

  • According to the Global Economic Crime Survey 2016, over 34% of businesses will be impacted by cyber crime in the coming years.
  • By IBM estimates, businesses are attacked around 16,856 times per year—that’s 46 attacks per day.

FIDO Specifications U2F vs. UAF

The FIDO Alliance has two specifications, U2F and UAF. Both offer a secondary form of security, but one allows you to ditch passwords altogether.

Passwordless Experience—Universal Authentication Framework (UAF) Standards

The passwordless FIDO authentication experience supported by the UAF protocol allows users to register their device to the online service by choosing a local authentication mechanism, such as looking at the camera, scanning a thumbprint, speaking into the mic, or entering a PIN. Users rely on the same method to authenticate their identity when logging in from a device. UAF also allows users to combine multiple authentication methods, for instance, PIN + fingerprint. Additionally, SurePassID has developed the first Virtual Mobile FIDO Token that is provisioned to a user’s mobile phone and works in conjunction with the phone’s built-in biometric sensors (fingerprint reader, camera, or microphone). This allows two-factor authentication without a password, since the user presents a biometric (what you are) that releases the FIDO token (what you have) upon a biometric match.

Second Factor Experience—Universal 2nd Factor (U2F) Standards

The Second Factor FIDO authentication experience is supported by the U2F protocol. Users keep passwords but must provide an additional second factor to authenticate login. The strength of the second factor allows businesses to simplify passwords without degrading security. FIDO U2F devices can be used across all online services that support the protocol via built-in web browser support.

Ways to Implement FIDO Authentication

SurePassID supports all FIDO U2F, One-Time Passcode and Push Authentication processes. Depending on your company, services, and needs, one or more of the following processes may provide the best solution.

FIDO-Certified Authentication Server: Server software is available in several configurations to fit your security and corporate governance requirements. We offer an authentication cloud service, on-premises servers (software install or VMs), white-box servers and embedded server-on-a-chip for IoT chip and product manufacturers.

U2F Tokens: The Universal 2nd Factor (U2F) device inserts into a USB port and sends a signal to SurePassID to authenticate your login. We make it easy to set up U2F Tokens, which can be used individually or with another authentication device. We even have a 3-in-1 slim token, the TapID Treo, that provides FIDO U2F via USB and NFC, plus an OATH OTP token via USB. Just tap and go!

TapID Mobile Account Security Card: A contactless (NFC) FIDO U2F smart card for ID or Android mobile authentication applications that provides strong authentication using FIDO Universal 2nd Factor with a simple tap to your NFC-enabled device. TapID is available for EMV credit and debit cards, as well as a TapID Virtual Mobile U2F soft token with integrated on-mobile biometric security.

Learn more about all our FIDO Certified U2F solutions by visiting

We offer a FIDO U2F Enablement Quick Start Kit that includes everything you need to enable your websites and mobile apps with top-notch security. Learn more by visiting

What about two-factor authentication that’s not FIDO certified?

According to The Verge, FIDO Authentication is the most secure level of strong authentication available. FIDO authentication protocols are specially engineered to protect user privacy. FIDO protocols do NOT track or store information to be used by different online services. In order for the FIDO token to be true to these attributes, it must be officially FIDO Certified. Look for the FIDO Certified mark.

SurePassID also supports the OATH authentication standard used by most authentication software providers today, except for RSA, which has its own proprietary authentication protocol. OATH is an open authentication standard that has been on the market for over 15 years and is still in wide use. Our Authentication Server software supports both OATH and FIDO tokens interchangeably, enabling users to have a variety of token types depending on their secure access requirements. Since our solution comes with both OATH and FIDO support, you can start with OATH and migrate to FIDO at your own pace, at no additional cost.

What About Two-Factor Authentication Using SMS?

Secure two-factor authentication must offer around-the-clock protection, no matter where you are or what devices you’re working from. SMS-based two-factor authentication does not offer that. Here are several reasons why:

  • Not everyone has SMS text messaging
  • Cell service may not be available in certain areas
  • Text messages are easy to interfere with and hack

Although NIST has deprecated SMS text for two-factor authentication, we still support it so SMS tokens can be used as a one-time temporary code for those who are not bound by the NIST standard or for those who have a security policy that allows SMS tokens as an option.

Does Your Two-Factor Authentication Platform Stand Up to the Challenge?

Not all multi-factor authentication solutions offer the same level of security, efficiency, ease of use, and affordability. A strong multi-factor security solution should:

  • Reduce your overall risks and provide greater oversight
  • Be compatible with cloud, mobile, and BYOD initiatives. The latest two-factor solutions are designed for more sophisticated devices like cloud computing and mobile applications.
  • Offer an affordable solution without hidden costs or unexpected fees.
  • Constantly evolve to address the growing and changing cyber threats.

Unsure if your security solution offers all of this? You’re not alone. A recent study found that many businesses are fuzzy on the details regarding their cyber security. Don’t let oversights lead to a security breach that destroys your bottom line and harms the public’s perception of your brand. Consult with us first for your information security and user authentication needs.

Protect Your Data, Brand, Employees & Customers with SurePassID

Cyber criminals could be attempting to infiltrate your systems right now as you read this. After all, IBM estimates 46 businesses will be attacked TODAY, as well as every other day of the year. Usernames and passwords are not going to keep hackers out today. With multi-factor authentication from SurePassID, you are automatically alerted when someone tries to log into your accounts.

Think of it like a lock on your front door. With the right tools, it’s quite easy to break into a basic lock. Add a fingerprint sensor and auto alerts from your home security system and it’s suddenly much harder, if not impossible, for someone to break in. The harder it is to break in, the more likely someone is to give up and try the next house (or computer) down the street. Adding two-factor authentication increases the security dramatically, driving hackers to an easier target.

Digital Theft Affects More People Than Physical Crimes

The United Nations conducted a global study that found digital theft impacts up to 17% of the population, while physical crimes impact less than 5% of the population. Even people who live in safe neighborhoods lock their doors at night, and there are no safe neighborhoods in cyber space—cyber criminals know no boundaries.

No one wants to see their emails published to WikiLeaks, or find out customer data was compromised by hackers. Talk about a ruined day—that kind of news can ruin your whole year. By implementing FIDO Certified Two-Factor Authentication you greatly reduce your risk of a security breach.

SurePassID offers the easiest and most affordable solution to implement FIDO authentication. Sign up for a free trial today to experience the power of strong security and greater convenience!