TL;DR Breakdown
- FIDO2 Passkeys provides a more secure and convenient authentication solution that replaces passwords and other less secure methods.
- The Passkey generates a unique key pair that is stored securely on the device, making it difficult for attackers to access online accounts.
- Despite its advantages, the Passkey may not be suitable for users who frequently switch between devices or who encounter compatibility issues.
FIDO (Fast Identity Online) Alliance is an industry consortium that was founded in 2013 with the goal of developing open, interoperable authentication standards that reduce the reliance on passwords. The FIDO Alliance aims to make online authentication more secure, private, and easy to use for all internet users. To achieve this, FIDO has developed various authentication technologies such as UAF, U2F, and FIDO2. One of the latest developments in this area is the FIDO2 Passkey, which promises to offer a more convenient and secure authentication solution.
The FIDO2 Passkey is a physical security key that provides secure authentication for online services. The Passkey is designed to replace passwords and other less secure authentication methods. The Passkey is a small device that connects to a computer or mobile device using a USB or NFC interface. The device generates a unique key pair that is stored securely on the device. When a user wants to log in to a service, they simply plug in the Passkey and press a button to authenticate themselves.
Advantages of FIDO2 Passkey
One of the major advantages of the FIDO2 Passkey is its ease of use. Users no longer have to remember complex passwords or go through complicated login procedures. Instead, they can simply plug in the Passkey and press a button to authenticate themselves. This makes the Passkey an ideal solution for people who want to secure their online accounts but do not want the hassle of remembering multiple passwords.
Another key advantage of the FIDO2 Passkey is its security. Unlike passwords, which can be easily hacked or stolen, the Passkey generates a unique key pair that is stored securely on the device. This means that even if an attacker gains access to a user’s computer or mobile device, they will not be able to access the user’s online accounts without the physical Passkey.
The FIDO Alliance has partnered with several major technology companies such as Microsoft, Google, and Apple to promote the use of the FIDO2 Passkey. Many popular online services such as Facebook, Dropbox, and GitHub already support the FIDO2 standard, making it easier for users to adopt the Passkey.
Despite its advantages, the FIDO2 Passkey is still a relatively new technology and may not be suitable for everyone. For example, users who frequently switch between devices may find it inconvenient to carry the Passkey with them at all times. Additionally, the Passkey may not be compatible with all devices or operating systems, which could limit its usefulness.
Behind the scenes, the app disallows the use of Microsoft Windows Hello which serves to reduce a major source of confusion in testing (see notes on the other resources!) and also enforces “user verification” — the FIDO feature that adds a second factor (e.g. PIN) on an otherwise single factor authenticator.
Basic and advanced testing of the FIDO2
WebAuthn.io is a great choice for basic and advanced testing of the FIDO2. The WebAuthn Test App looks and feels a bit like a spreadsheet and it’s almost that complicated to use, but it does have a lot of configurable and testable options. Use this resource only if for some reason WebAuthn.io does not suffice or if your intent is on testing Microsoft’s particular implementation of the WebAuthn standard.
How to reset a FIDO2 security key
- Press Windows + I to bring up the Settings app.
- In the search field, type “fido” and select either result (both appears to link to the same sign-in options view)
- Select Security Key from the list and then click Manage.
- Touch the security key when prompted and then select Reset.
Note: FIDO2 devices have no PIN at the beginning, but support PIN setting. The PIN code length is limited to 4-63 digits.
The FIDO2 Passkey is a promising technology that offers a more secure and convenient way to authenticate online accounts. The Passkey’s ease of use and high level of security makes it an attractive alternative to traditional passwords. As more online services adopt the FIDO2 standard, the Passkey has the potential to become the standard for online authentication. However, users should be aware of its limitations and compatibility issues before adopting the Passkey.
