What if there was a way to log into your software safely and securely, without ever having to enter a password? Now there is using FIDO2, an authentication standard that bypasses pesky password screens. With the most recent updates for Android and iPhone OS, Genea Access Control users can log in password-free. But is FIDO2 really secure enough? Let’s explore.
What is FIDO2?
If password-less authentication elicits a visceral skepticism, keep reading. It’s reasonable to ask, “How am I more secure without a password than with one?” The answer lies within an authentication protocol called FIDO2.
FIDO2 is the latest protocol of the non-commercial FIDO Alliance (Fast Identity Online), which was created to develop open and license-free standards for secure, worldwide authentication online.
Basically, FIDO2 enables common devices, like mobile devices and smart tablets, to authenticate online services without a password. These services could be based in mobile or desktop environments. Web services and apps with FIDO2 functionality give users an easier login experience via biometrics, mobile devices and FIDO2 security keys.
Why Passwords Aren’t Enough
For most of the computer era, passwords have been the gold standard in credential authentication. However, passwords take forms of all lengths and strengths — and therein lies the problem. The onus of a password’s effectiveness is on the user when it should be on the system administrator. Consequently, the access control system can only protect to its full potential with strong passwords. The risks of using passwords include:
- Guessed passwords
- Bad passwords
- Reused passwords
Additionally, a growing number of password-protected apps means users must recall a great number of passwords. FIDO2 eliminates potential mishaps.
The Core of FIDO2
Think of FIDO2 as a language with two “alphabets” (or components). These alphabets, known as a W3C standard web API (WebAuthn) and Client to Authenticator Protocol (CTAP), are at the core of FIDO2. Together, they interact over Bluetooth, USB, or Near-field Communication (NFC), which carries FIDO2 between devices.
CTAP enforces a secure device-to-device authentication conversation. The device-to-device communication is typically between a user-owned authenticator — such as a smartphone or a hardware key — and a client platform, such as a laptop.
How does FIDO2 Work?
- The user registers with a web service (e.g., Genea Access Control). This generates a new key pair on the device – consisting of a private key and a public FIDO2 key.
- The device stores the private key on the client-side, whereas the public key is registered in Genea’s key database.
- Subsequent authentications are now only possible by verification with a private key and must always be unlocked by a user.
The Advantages of Password-Less Property Technology
FIDO2 provides cryptographic login credentials that are unique across every website. Additionally, the credentials never leave the user’s device or stored on a server. The security protocol also eliminates the risks of phishing, all forms of password theft and replay attacks. Benefits of FIDO2 include:
- Increases Security
- Heightens Privacy
- Eliminates Passwords
Additionally, even if the log-in data is compromised, the FIDO2 login will only work with the respective hardware token or private key, which is also bound to dedicated hardware (e.g., a smartphone).
Genea uses native web browsers to complete the login process. Therefore, if you have any browser from this handy list, then the Genea Access Control app will work seamlessly with your security keys. For more information, contact us.