FIDO2
FIDO2 is an open authentication standard from the FIDO Alliance and the W3C. It pairs the WebAuthn browser API with the CTAP protocol that browsers use to talk to external authenticators, and it enables passwordless, phishing-resistant authentication with public-key credentials held on hardware security keys or in platform authenticators (a phone, or a laptop with a TPM or secure enclave). The server stores only the public key; the private key never leaves the authenticator. It is the foundation for modern authentication that is both more secure and more user-friendly than passwords.
# WHAT TEAMS RUN INTO
- FIDO2 requires users to have a compatible authenticator: a hardware security key or a platform authenticator with a PIN or biometric. Not every user has a FIDO2-capable phone or can be trusted to manage a hardware key, so authentication methods end up fragmented across the organization.
- Security keys get lost, and keys and phones get stolen. A stolen authenticator is of little immediate use when the relying party requires user verification (PIN or biometric), but a lost one still locks the user out unless a second credential or a recovery path was registered. Require at least two registered authenticators per account; otherwise recovery becomes a support burden and the recovery path becomes the weakest link.
- Application support for FIDO2 varies. Some web and mobile apps support it fully, others have partial support or none at all, forcing a fallback to weaker authentication methods. Those fallbacks, not the FIDO2 credential, are where an attacker will then aim.
# WHY IT MATTERS
FIDO2 is the closest thing we have to an authentication standard that is both cryptographically strong and resistant to the most common attacks. It resists phishing because each credential is bound to a relying-party identifier, the site's domain: the browser will not use a credential for an origin outside that domain, and the signed response includes both the origin the user was actually on and a hash of the RP ID, so an assertion captured on a look-alike site fails verification at the real one. Because the server holds only a public key, a breached credential database or a relayed login page yields nothing reusable, and a fresh server-chosen challenge in every ceremony defeats replay. As FIDO2 adoption spreads, it replaces a shared secret that can be guessed, stolen and replayed with a signature that only the user's authenticator can produce.