FIDO2 expands to browsers
27 September 2018 13:39 GMT

 FIDO2 browser support and first certified products are now available to reduce password use on the web, the FIDO Alliance has announced. Now, any website can leverage FIDO2 strong authentication protocols from the W3C and FIDO Alliance to replace passwords with cryptographically secure logins using convenient alternatives like on-device biometrics and FIDO Security Keys.

Google Chrome, Microsoft Edge and Mozilla Firefox browsers now support FIDO2, a big advancement since the standards were introduced last April. Between this support and newly certified products supporting a wide variety of use cases, service providers have all of the tools needed to roll out FIDO Authentication for their websites and applications. FIDO Authentication has been proven to protect against the phishing and security risks associated with passwords, provide better user experiences over remembering and typing passwords, and lower authentication support costs.

“With FIDO2, the tech industry has, for the first time, established a technology standard for strong, phishing-resistant authentication on the web that promises better security and a better user experience. These announcements today of certified products and leading web browser support deliver on that promise by bringing these new capabilities to market,” said Brett McDowell, executive director of the FIDO Alliance. “Any web application — consumer or enterprise, mobile or desktop — can now be enabled to take advantage of these innovations at internet scale with the full confidence that comes from an independent certification program designed and governed by their peers.”

Organizations that have achieved FIDO2 certification for security key and biometric authenticators, clients and servers include: CROSSCERT: KECA (Korea Electronic Certification Authority); Dream Security Co., Ltd. Korea; ETRI; eWBM Co., Ltd.; IBM; Infineon Technologies; INITECH Co., Ltd.; Nok Nok Labs(Universal Server); OneSpan; Raonsecure; Samsung SDS; Singular Key; Whykeykey Inc.; Yahoo Japan Corporation; Yubico. Products are certified for FIDO2 by the FIDO Alliance to ensure compliance with the specifications, as well as interoperability among FIDO products. Today’s announcement also includes the first certified FIDO Universal Server, which a service provider can use to ensure compatibility with authenticators based on all FIDO specifications (FIDO UAF, FIDO U2F and FIDO2).