FIDO2 – An Open Authentication Standard
FIDO2 is an open authentication standard, hosted by the FIDO Alliance and supported by browsers and many large tech companies such as Microsoft, Yubico, etc. It consists of the W3C Web Authentication specification (WebAuthn API), and the Client to Authenticator Protocol (CTAP).
FIDO2 Authentication Options
Addresses a Variety of Authentication Use Cases
Two-factor authentication
Strong two-factor authentication using a hardware authenticator or biometrics as an extra layer of protection beyond a password.
Try it!Passwordless authentication
Strong single-factor authentication using a hardware authenticator or biometrics, eliminates the need for weak password-based authentication.
Try it!Usernameless authentication
Strong single-factor authentication using a hardware authenticator or biometrics, without the need of both username and password.
Try it!Multi-factor authentication
Strong multi-factor authentication using a hardware authenticator and a PIN or biometrics, to meet high assurance requirements.
Try it!Authenticators
Built into the Computer/Phone
Is attached using a client device-specific transport, called platform attachment, and is usually not removable from the client device.
Eg. Windows Hello, Mac Touch Bar, Android mobile biometrics or PIN/pattern/passphrase.
Security Key
Is attached using cross-platform transports, called cross-platform attachment, connected via USB, NFC or Bluetooth.
Eg. Security key which supports FIDO U2F or FIDO2, such as
YubiKey
Support
Supported natively across browsers and platforms.
Note
- The newest versions of browsers and platforms are recommended.
- Currently supported features are different between browser & platform combinations. Please click on each browser for details.
- Browsers and platforms which are not listed here do not support WebAuthn now or no information. (Last updated: April 2021)
Desktop
ChromeOS | Linux | MacOS | Windows 10 | |||
FIDO U2F API | ||||||
FIDO2/ WebAuthn API |
CTAP1/U2F | USB | ||||
NFC | ||||||
BLE | ||||||
CTAP2 | USB | |||||
NFC | ||||||
BLE | ||||||
Internal | ||||||
Resident Key | External | |||||
Internal | ||||||
Client PIN |
MacOS | Windows 10 + New Edge | Windows 10 + Old Edge | |||
FIDO U2F API | |||||
FIDO2/ WebAuthn API |
CTAP1/U2F | USB | |||
NFC | |||||
BLE | |||||
CTAP2 | USB | ||||
NFC | |||||
BLE | |||||
Internal | |||||
Resident Key | External | ||||
Internal | |||||
Client PIN |
MacOS | Windows 10 | |||
FIDO U2F API | ||||
FIDO2/ WebAuthn API |
CTAP1/U2F | USB | ||
NFC | ||||
BLE | ||||
CTAP2 | USB | |||
NFC | ||||
BLE | ||||
Internal | ||||
Resident Key | External | |||
Internal | ||||
Client PIN |
MacOS | |||
FIDO U2F API | |||
FIDO2/ WebAuthn API |
CTAP1/U2F | USB | |
NFC | |||
BLE | |||
CTAP2 | USB | ||
NFC | |||
BLE | |||
Internal | |||
Resident Key | External | ||
Internal | |||
Client PIN |
Mobile
Chrome | Edge |
Firefox
(cannot perform authr attestation) |
|||
FIDO U2F API | |||||
FIDO2/ WebAuthn API |
CTAP1/U2F | USB | |||
NFC | |||||
BLE | |||||
CTAP2 | USB | ||||
NFC | |||||
BLE | |||||
Internal | |||||
Resident Key | External | ||||
Internal | |||||
Client PIN |
Chrome | Edge | Firefox | Safari | Brave | |||
FIDO U2F API | |||||||
FIDO2/ WebAuthn API |
CTAP1/U2F | USB | |||||
NFC | |||||||
BLE | |||||||
Lightning ( YubiKey 5Ci) |
|||||||
CTAP2 | USB | ||||||
NFC | |||||||
BLE | |||||||
Internal | |||||||
Lightning ( YubiKey 5Ci) |
|||||||
Resident Key | External |
(cannot select account) |
|||||
Internal | |||||||
Client PIN |
(registration only) |