Overview

The Fast IDentity Online (FIDO) Alliance aims to change the online authentication process, making it both more secure and more user friendly. Its specific goals are:
- Develop technical specifications that define an open, scalable, interoperable set of mechanisms to reduce the reliance of the online authentication process on passwords
- Operate industry programs to help ensure worldwide adoption of these specifications
- Obtain formal standardization for these specifications
The FIDO authentication protocols are designed to allow robust authentication while providing a superior user experience and protecting user privacy. They incorporate the following principles:
- Strong authentication (Whatever that is???)
- A user experience that combines ease of use with proof of intent: proof of a user’s physical presence activates the protocol
- Privacy protection
Secrets are stored only on the user's device and are never exposed to the cloud. This design principle is the cornerstone of the two FIDO protocols, Universal Second Factor (U2F) and Universal Authentication Framework (UAF) (described in Sections 3.3.3 and 3.3.4). Both protocols improve security while providing satisfactory usability. U2F strengthens password authentication by adding a requirement for a simple-to-use token, the presence of which constitutes a second Authentication Factor. UAF can eliminate the password requirement by using biometrics or another Authentication Factor to authenticate the user to the local device. That same authenticator can be used across multiple online services.
The FIDO specifications also include several requirements that put user friendliness in focus without jeopardizing user privacy. Unique site-specific credentials authenticate each user to each individual website, which prevents a user from being tracked across online services. The architecture is designed so that a user's passwords, biometrics or Private Keys are kept securely on the user's local device.
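The two design principles above (secrets never leave the device; one site-specific key pair per website) are easiest to see in a small model. The following is an added example, not code from the FIDO Alliance or any FIDO implementation. It uses a Schnorr-style signature over a constructed 64-bit toy group in place of a real authenticator's signature scheme, and the class names, the `user_present` flag and the site identifiers `bank.example` / `shop.example` are all assumptions for illustration. The relying party's user database holds only public keys, each challenge can be consumed once, and a key registered for one site refuses to sign for another.

```python
"""Toy model of per-site key pairs kept on the authenticator (added example, not FIDO code).
A Schnorr-style signature over a small 64-bit group stands in for the real scheme."""
import hashlib
import random
import secrets
from typing import Dict, Optional, Tuple

_SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def _is_prime(n: int) -> bool:
    """Miller-Rabin with the first 12 prime bases: deterministic for n < 3.3e23."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _make_group(bits: int = 64) -> Tuple[int, int, int]:
    """Constructed toy group: safe prime p = 2q + 1 and g of order q (fixed seed, toy size)."""
    rng = random.Random(2024)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        p = 2 * q + 1
        if _is_prime(q) and _is_prime(p):
            return p, q, 4  # 4 = 2^2 is a quadratic residue mod p, so it has order q


P, Q, G = _make_group()


def _challenge_hash(r: int, rp_id: str, challenge: bytes) -> int:
    """Bind the signature to the commitment, the site identity and the fresh challenge."""
    data = r.to_bytes(16, "big") + rp_id.encode() + challenge
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


class Authenticator:
    """The user's device. Private keys are generated here and never leave."""

    def __init__(self) -> None:
        self._keys: Dict[str, Tuple[str, int]] = {}  # key handle -> (rp_id, private key)

    def register(self, rp_id: str) -> Tuple[str, int]:
        """Fresh key pair for this relying party; only the handle and public key go out."""
        x = secrets.randbelow(Q - 1) + 1
        handle = secrets.token_hex(8)
        self._keys[handle] = (rp_id, x)
        return handle, pow(G, x, P)

    def sign(self, handle: str, rp_id: str, challenge: bytes,
             user_present: bool) -> Optional[Tuple[int, int]]:
        """Sign only with proof of intent (the touch) and only for the site the key was made for."""
        if not user_present or handle not in self._keys:
            return None
        bound_rp, x = self._keys[handle]
        if bound_rp != rp_id:
            return None
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P)
        e = _challenge_hash(r, rp_id, challenge)
        return e, (k - x * e) % Q


class RelyingParty:
    """A website. Its user database holds public keys only, nothing secret."""

    def __init__(self, rp_id: str) -> None:
        self.rp_id = rp_id
        self.users: Dict[str, Tuple[str, int]] = {}  # username -> (handle, public key)
        self._pending: Dict[str, bytes] = {}

    def enroll(self, username: str, handle: str, public_key: int) -> None:
        self.users[username] = (handle, public_key)

    def issue_challenge(self, username: str) -> bytes:
        self._pending[username] = secrets.token_bytes(32)
        return self._pending[username]

    def verify(self, username: str, challenge: bytes,
               signature: Optional[Tuple[int, int]]) -> bool:
        # A challenge is consumed on first use, so a captured response cannot be replayed.
        if self._pending.pop(username, None) != challenge or signature is None:
            return False
        _, y = self.users[username]
        e, s = signature
        if not (0 <= e < Q and 0 <= s < Q):
            return False
        r = (pow(G, s, P) * pow(y, e, P)) % P  # recovers g^k when the signature is valid
        return _challenge_hash(r, self.rp_id, challenge) == e


def demo() -> Dict[str, bool]:
    """Registration and login at two constructed sites with one authenticator."""
    device = Authenticator()
    bank, shop = RelyingParty("bank.example"), RelyingParty("shop.example")
    for rp in (bank, shop):  # in practice the browser relays these messages
        handle, pub = device.register(rp.rp_id)
        rp.enroll("alice", handle, pub)
    bank_handle = bank.users["alice"][0]
    c1 = bank.issue_challenge("alice")
    sig = device.sign(bank_handle, bank.rp_id, c1, user_present=True)
    login_ok = bank.verify("alice", c1, sig)
    replay_rejected = not bank.verify("alice", c1, sig)
    c2 = bank.issue_challenge("alice")
    no_touch = device.sign(bank_handle, bank.rp_id, c2, user_present=False)
    c3 = shop.issue_challenge("alice")
    return {
        "login_ok": login_ok,
        "replay_rejected": replay_rejected,
        "no_touch_rejected": not bank.verify("alice", c2, no_touch),
        "cross_site_rejected": device.sign(bank_handle, shop.rp_id, c3, True) is None,
        "unlinkable": bank.users["alice"][1] != shop.users["alice"][1],  # distinct public keys
    }


if __name__ == "__main__":
    print(demo())
```

The `unlinkable` result is the point of the site-specific credentials: the bank and the shop each see a different public key, so their databases cannot be joined on it, and a breach of either database yields nothing that can be used to log in anywhere, because only the authenticator ever held the private keys.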