FIDO2

FIDO2 is an authentication standard enabling passwordless and phishing-resistant sign-in using public-key cryptography.

What is FIDO2?

FIDO2 is a set of specifications developed by the FIDO Alliance and W3C that enables passwordless, phishing-resistant authentication using public-key cryptography. It consists of WebAuthn (web standard) and CTAP (Client to Authenticator Protocol).
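The phishing resistance comes from binding every assertion to the site that requested it. The following added example (not part of the original entry) sketches the binding checks a relying party runs on a WebAuthn assertion before verifying its signature; the function names, origin, RP ID and challenge are constructed for illustration, and signature verification itself is left out.

```python
import hashlib
import hmac
import json
from base64 import urlsafe_b64encode

# Constructed sample values (assumptions, not from the entry).
ORIGIN = "https://login.example.com"
RP_ID = "example.com"
CHALLENGE = bytes(range(32))  # a real server issues fresh random bytes per login


def b64url(data):
    """base64url without padding, the encoding used in clientDataJSON."""
    return urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_binding(client_data_json, authenticator_data,
                            expected_challenge, expected_origin, rp_id):
    """Return the names of failed checks; an empty list means all passed."""
    errors = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        errors.append("type")
    if client_data.get("challenge") != b64url(expected_challenge):
        errors.append("challenge")  # stale or replayed challenge
    if client_data.get("origin") != expected_origin:
        errors.append("origin")  # the browser reports the page's real origin
    if len(authenticator_data) < 37:  # 32 rpIdHash + 1 flags + 4 signCount
        return errors + ["authenticator_data"]
    rp_hash = hashlib.sha256(rp_id.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], rp_hash):
        errors.append("rp_id_hash")  # credential was scoped to another RP ID
    if not authenticator_data[32] & 0x01:  # UP (user present) flag
        errors.append("user_present")
    return errors


def make_sample(origin, rp_id, challenge, flags=0x05):
    """Build a constructed, unsigned assertion for the demo (UP and UV set)."""
    cdj = json.dumps({"type": "webauthn.get", "origin": origin,
                      "challenge": b64url(challenge)}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + bytes(4)
    return cdj, auth


if __name__ == "__main__":
    genuine = make_sample(ORIGIN, RP_ID, CHALLENGE)
    lookalike = make_sample("https://login.example-com.test", "example-com.test", CHALLENGE)
    print(check_assertion_binding(*genuine, CHALLENGE, ORIGIN, RP_ID))
    print(check_assertion_binding(*lookalike, CHALLENGE, ORIGIN, RP_ID))
```

An assertion produced on a look-alike site fails both the origin and RP ID hash checks even when the user is fooled, because the browser and authenticator fill in those values rather than the user.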

FIDO2 Components

  • WebAuthn: Browser API for authentication
  • CTAP: Communication with external authenticators

FIDO2 Authenticator Types

  • Platform Authenticators: Built into devices (Touch ID, Windows Hello, Android biometrics)
  • Roaming Authenticators: External devices (YubiKey, Titan Key)
  • Hybrid: Using a phone as the authenticator for another device

Common Misconceptions

  • "FIDO2 requires hardware tokens" - Platform authenticators work too
  • "FIDO2 is complex to implement" - SDKs and libraries are available
  • "FIDO2 is enterprise only" - Consumer adoption is growing