Link logo and name

Blog

FIDO explained: the key to secure online transactions

April 27, 2023
photo of author

Editorial Team

what is the fido alliance?

Traditional password-based authentication methods are increasingly becoming insecure and inconvenient in online security. But Fast Identity Online (FIDO) is changing that quickly. 

FIDO is a passwordless authentication solution, using passkeys like biometrics or security keys to provide users with a more convenient login experience. FIDO passkeys are much safer, faster than traditional one-time passwords (OTPs), and easier for service providers to manage. 

FIDO represents a significant step forward in online authentication, quickly gaining momentum across various industries, including finance (open banking), healthcare, and government. As more and more organizations adopt FIDO, we can expect to see a significant reduction in data breaches and cyber attacks, as well as an improvement in the overall user experience.

Why was FIDO created?

FIDO was created by the FIDO Alliance, a nonprofit organization focused on “authentication standards to help reduce the world’s over-reliance on passwords.” 

Authentication methods such as one-time passwords (OTP) have several issues, especially on mobile devices, including security vulnerabilities to cyberattacks, difficulty for users to remember within the specified timeframe, costliness due to hardware or software requirements, and inconvenience of requiring access to a specific device or application.

And the data supports this. According to NordPass, most users had passwords that were very easy to guess. Additionally, a 2019 study by Yubico and Ponemon found that 57% of respondents “expressed a preference for a login method that does not involve the use of passwords.” 

The FIDO protocols utilize standard public key cryptography techniques to provide reliable authentication while ensuring user privacy.  Specifically, these protocols don’t disclose any information that can be used by online services to monitor or track the user.

Ultimately, FIDO was created to provide a more secure, user-friendly, and privacy-preserving authentication standard to replace traditional password-based methods.

Visual of the FIDO Registration and Login processes sourced from https://fidoalliance.org/how-fido-works/

How does FIDO work?

Using FIDO involves two parts: registration and login. During registration, a client device creates a new key pair and registers the public key with an online service. To authenticate, the client device signs a challenge with the private key and unlocks it through a secure action like swiping a finger, entering a PIN, or using a second-factor device.

FIDO Authentication can also be implemented across markets in various ways, from regulated industries to enterprises. For example, the Cambridge Housing Authority (CHA) sought a long-lasting multi-factor authentication solution following a phishing attack. Their search led them to discover FIDO, transforming the staff's user experience.

 “A 6-digit PIN that doesn’t need to be changed periodically is far more convenient to remember and type than a long password. I have found it very easy and efficient to use. The IT department assures me it’s more secure, too,” said John Filip, the chief financial officer at CHA. Currently, CHA has more than 250 account holders who frequently utilize FIDO device-based PINs for authentication instead of traditional passwords. 

While transitioning from traditional authentication methods may require external expertise and additional time to implement correctly, many organizations find it worthwhile.

What are the benefits of FIDO?

FIDO signifies a significant change towards simpler security that is resistant to phishing. In 2022, 89% of companies experienced a phishing attack. Passwordless authentication lowers those risks significantly. Some of the benefits are as follows:

  • Better Security: FIDO provides stronger security than traditional authentication methods since it eliminates the need for passwords, which can be easily compromised. Its authentication methods, such as biometric recognition, public/private key pairs, and device-based PINs are more secure. Additionally, it's also resistant to phishing attacks, thanks to the use of public key cryptography to verify the authenticity of the online service. 

  • More Privacy: FIDO ensures user privacy by never sharing the user's biometric information or private key with any external service or device. Authentication is done locally on the user's device; the private key and any information about the local authentication method never leave the device. This process protects the user's privacy and prevents tracking across different online services. Learn more about the privacy principles on the FIDO Alliance website.

  • Improved Convenience: FIDO is more convenient for users since it eliminates the need to remember and manage multiple passwords. As mentioned above, users can authenticate themselves quickly and easily using their biometric information or device-based PINs—these methods are more user-friendly than passwords. FIDO is also interoperable across different systems and devices, providing a seamless user experience across multiple platforms.

  • Easy Scalability: FIDO is easily scalable since it is a widely adopted open standard. It can be implemented by any online service, device manufacturer, or application developer, offering flexibility and scalability for businesses of all sizes.  It also reduces the cost of implementing and maintaining authentication systems since it eliminates the need for additional hardware or software to manage passwords.

Finally, by replacing traditional password-based methods, FIDO protects users from cyber threats.

FIDO is the future of passwordless authentication

Authentication processes are evolving rapidly, driven by the users' needs.  As technology advances, we can expect authentication processes to become even more sophisticated, secure, and user-friendly—FIDO is quickly becoming part of that future.

At Link Money, we're staying ahead of the curve by embracing FIDO adoption and seamlessly incorporating it within our linking processes. Users can conveniently register their biometrics after linking their bank accounts, enabling future payments to be completed in mere seconds. By offering our merchants a more streamlined checkout experience, we're creating a mutually beneficial scenario for all parties involved.