FIDO2 is a FIDO framework of specifications designed to replace passwords with credentials that cannot be phished, replayed, or breached when servers are compromised – and to do that without sacrificing user convenience across difference types of devices and clients.

To activate a FIDO2 credential (e.g., on a security key) users can employ gestures such as the use of PINs, biometrics, or button-pushing. Once the user is authenticated, the specifications enable the authenticator device (which could also be a host computer in its own right) to communicate information about the authentication event to other devices or systems using challenge/response protocols based on Asymmetric Key Cryptography.

Core FIDO2 specifications #

FIDO2 and related specifications#

FIDO2 also leverages some related specifications:
  • Federation Protocol Profiles: These profiles (most still to be developed) will define how particular federation protocols can request and employ FIDO2 authentication and Token Bindings. An OpenID Connect FIDO profile is planned. Other profiles, such as a SAML 2.0 profile, are also possible.
  • Token Binding over HTTP
  • Token Binding Protocol

This landing page provides links to all FIDO2 specifications as well as the preceding FIDO UAF and U2F specs.

More Information#

There might be more information for this subject on one of the following: