FIDO SECURITY - YOUR TRUSTED PARTY FOR ONLINE AUTHENTICATION - INFO@FIDOSECURITY.EU
An average person has 25 online accounts: Facebook, Gmail, Apple, Bol.com, Dropbox, and so on. These online accounts are all protected with a username and password. It is essential that the password is and remains secret. Many people conveniently use the same login names and passwords for different online services. Understandable, but not safe. If one account is breached, the attacker automatically has access to multiple accounts.
The solution? Use not one, but more factors to log in.
Two-factor authentication (2FA) is a secure way of logging in. The identity of the user is determined by two factors. You open the digital lock, as it were, not with one key, but with two keys. This means that in addition to entering a username and password you need a second factor.
Sometimes the phone is used as the second factor, usually via SMS. Alternatively, the user has to install a special authenticator app on the phone and type the code into the service using 2FA. Unlike SMS or mobile app verification, a hardware security token doesn’t require a separate battery or network connection. Most importantly, security tokens use authenticated communication to defend against phishing attacks.
Using an authentication tool such as an OTP token alongside a username/password combines two authentication factors: the password is what you know, the token is what you have. We at FIDO Security have selected the most secure and convenient products: OTP tokens and FIDO tokens.
OTP tokens are so-called hard tokens, where the OTP token securely contains a private key. FIDO goes one step further: safer, simpler, and universally applicable.
OTP tokens use so-called One-Time Passwords (OTP) to authenticate the user to an online service. OTP is based on one of the following techniques:
Event-based One-Time-Password
This cryptographic method is based on a sequentially incrementing counter. When a user presses the button on the token, the token combines the counter with the private key it holds to generate a unique One-Time-Password to be entered into the application.
Time-based One-Time-Password
This cryptographic method is based on the time of the token and the server. When a user presses the button on the token, the current time, together with the private key in the token, forms a unique One-Time-Password. The One-Time-Password changes every 30 or 60 seconds. This short validity minimizes the likelihood of interception.
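The two OTP methods above, as an added example (not code from this page or from any token vendor). The page does not name the algorithms its tokens use; this assumes the standard ones, HOTP (RFC 4226) and TOTP (RFC 6238), where the key in the token is a secret the server also holds. `OtpVerifier`, `look_ahead` and `drift_steps` are hypothetical names.

```python
import hashlib
import hmac
import struct

RFC_TEST_SECRET = b"12345678901234567890"  # RFC 4226 test key, not a real token secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based OTP: HMAC-SHA1 over the 8-byte counter, then truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP: HOTP whose counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


class OtpVerifier:
    """Server-side state for one token (hypothetical helper, assumed design)."""

    def __init__(self, secret: bytes, look_ahead: int = 3, drift_steps: int = 1):
        self.secret = secret
        self.look_ahead = look_ahead    # unused button presses tolerated
        self.drift_steps = drift_steps  # clock skew tolerated, in time steps
        self.next_counter = 0           # event-based: first counter not yet used
        self.last_step = -1             # time-based: last accepted time step

    def verify_event(self, code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.next_counter = c + 1  # resync; this and older codes are dead
                return True
        return False

    def verify_time(self, code: str, now: int, step: int = 30) -> bool:
        current = now // step
        for s in range(current - self.drift_steps, current + self.drift_steps + 1):
            if s > self.last_step and hmac.compare_digest(hotp(self.secret, s), code):
                self.last_step = s         # a code is accepted only once
                return True
        return False
```

The verifier shows the two server-side details the description leaves implicit: a look-ahead window so stray button presses do not lock the user out, and state that makes every accepted code single use.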
Because FIDO tokens are unique to each internet site, they cannot be used to track users across different sites.
In addition, biometric data never leaves the user's key.
FIDO cryptographic login credentials are unique for each website, never leave the key and are never stored on a server.
This security model eliminates the risks of phishing, all forms of password theft, and replay attacks.
Users unlock the stored cryptographic login credentials by touching the key or placing a fingerprint.
A single FIDO security key is suitable for thousands of online applications.
FIDO is based on public-key cryptography and is suitable for multiple user scenarios, including a strong first factor (passwordless), a strong second factor, and even multi-factor authentication. With these capabilities, the security key can completely replace weak static username/password with public key crypto hardware and biometric authentication to protect against phishing, session hijacking, man-in-the-middle, and malware attacks.
The FIDO protocols have been designed from the start to protect users' privacy. The protocols do not provide information that can be used by various online services to collaborate and track a user across the services. Biometric information, if used, never leaves the user's device.
FIDO standardizes the authentication protocol used between the user and the online service. The protocol is based on standard public-key cryptography. When registering with an online service, the user's device creates a new key pair. It retains the private key and registers the public key with the online service. Later, during authentication, the service verifies that the user owns the private key by asking the user's device to sign a challenge. The user's private keys can only be used after they are unlocked locally on the device. Local unlocking is achieved through a user-friendly and secure action, such as entering a PIN, placing a second-factor token, or giving a fingerprint.
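The registration and challenge-signing flow above, as an added example (not code from this page or from the FIDO Alliance). It is a simplified model, not the WebAuthn/CTAP wire format: `SecurityKey`, `OnlineService` and the JSON layout are hypothetical, the example origins are constructed, and it assumes the third-party Python `cryptography` package.

```python
import json
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

ALG = ec.ECDSA(hashes.SHA256())


class SecurityKey:
    """Toy authenticator: a separate key pair per site; private keys stay inside."""

    def __init__(self):
        self._keys = {}                               # origin -> private key

    def register(self, origin):
        self._keys[origin] = ec.generate_private_key(ec.SECP256R1())
        return self._keys[origin].public_key()        # only the public half leaves

    def sign(self, origin, challenge):
        key = self._keys.get(origin)
        if key is None:
            return None                               # no credential for this site
        # The origin actually being visited is part of what gets signed.
        data = json.dumps({"origin": origin, "challenge": challenge.hex()}).encode()
        return data, key.sign(data, ALG)


class OnlineService:
    """Toy relying party holding only the registered public key."""

    def __init__(self, origin, public_key):
        self.origin, self.public_key, self.pending = origin, public_key, None

    def new_challenge(self):
        self.pending = os.urandom(32)                 # fresh random value per login
        return self.pending

    def verify(self, data, signature):
        expected, self.pending = self.pending, None   # each challenge is single use
        fields = json.loads(data)
        if expected is None or fields.get("origin") != self.origin \
                or fields.get("challenge") != expected.hex():
            return False
        try:
            self.public_key.verify(signature, data, ALG)
            return True
        except InvalidSignature:
            return False
```

Because the key is looked up by the origin being visited and that origin is covered by the signature, a look-alike site gets no usable response, and a captured response fails once its challenge has been consumed.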
FIDO2 is the new FIDO standard that provides a simple and secure login for web services based on PKI technology without the complexity. Depending on the implementation in the web service, so-called passwordless login can be used. This passwordless login is already supported by Microsoft, among others, in some of its web services, and other service providers are expected to follow soon.
Find out more about how FIDO works at the FIDO Alliance website.
Novaris FIDO Security has been a full distributor of Feitian security products since 2003.
Feitian Technologies has been an active member of the FIDO alliance from the beginning, becoming the first in the world to supply FIDO2 products based on biometrics. FIDO2 is an extension of the previous FIDO U2F. It provides the same level of security based on public key cryptography. FIDO2 offers comprehensive authentication options, including strong single-factor (passwordless!), strong two-factor and multi-factor authentication.
FIDO Security is part of NOVARIS Security Innovations.
NOVARIS has been a full distributor of Feitian security products, such as software security ROCKEY, PKI authentication ePass, OTP authentication, and FIDO, for over 13 years.
Copyright (c) Novaris Security Innovations, 2021