Disclaimer: I’m working on Solo, the first open source security key to support the new FIDO2 standard. Solo is available at solokeys.com. In the US, you can also buy it from Amazon.
FIDO2 is a new standard for secure login and strong authentication, and it’s the successor to FIDO U2F. Both standards are set by the FIDO Alliance, a non-profit organization formed in 2012 to develop specifications that define an open, scalable, interoperable set of mechanisms to securely authenticate users of online services.
FIDO2 already works on many sites, including Google, Facebook, Twitter, Dropbox, GitHub, and more. FIDO2 is not only a consumer solution; it also works with many B2B and enterprise services, like Salesforce and Duo. As a popular standard already adopted by the big players, we’ll certainly see an increased number of services adopting FIDO2 in the near future.
What makes FIDO2 special is the strong protection it offers against online attacks. Like other forms of two-factor authentication, FIDO2 reduces reliance on complex passwords and protects you against account takeover (for example, if your password gets stolen). Moreover, FIDO2 protects against phishing, and is often referred to as “the ultimate protection” against it.
Google, for example, reported zero successful phishing attacks against 85,000+ employees “on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes” (source: KrebsOnSecurity).
In addition to being a strong protection against online attacks, FIDO2 security keys are also designed to be easy to use. To log in with Solo, for example, you just have to plug it into your laptop or phone and press its button. That’s it. And with Solo Tap, the contactless version with NFC, you can log in by simply tapping it against your compatible mobile phone.
In terms of platform support, FIDO2 devices work on Mac OS X, Windows, Linux, Chrome OS, and in all major browsers that support FIDO2, WebAuthn, or U2F, such as Chrome, Firefox, Edge, and very soon Safari.
To summarize, FIDO2 is a new standard for secure login that’s easy to use and protects you from phishing and other online attacks across Google, Facebook, and more. And if you have any feedback or suggestions, please use the comments below or find me @0x0ece.