Novaris FIDO Security

Two-factor authentication (2FA)

An average person has 25 online accounts. Facebook, Gmail, Apple, Bol.com, Dropbox, and so on. These online accounts are all protected with a username and password. Essential in this is that the password is and remains secret. Many people conveniently use the same login names and passwords for different online services. Understandable, but not safe. In the case of infringement, the culprit will automatically have access to multiple accounts.

The solution? Use not one, but more factors to log in.

Two-factor authentication (2FA) is a secure way of logging in. The identity of the user is determined by two factors. You open the digital lock, as it were, not with one key, but with two keys. This means that in addition to entering a username and password you need a second factor.

Sometimes the phone is used as a 2nd-factor authentication, usually via SMS. The user has to install a special authenticator app on his phone, and the user has to type the code into the service using 2FA. Unlike SMS or mobile app verification, a security hardware token doesn’t require a separate battery or network connection. Most importantly, security tokens use authenticated communication to defend against phishing attacks.

Using an authentication tool such as an OTP token next to a username/password combines two authentication factors: the password is what you know, the token is what you have. We at FIDO Security have selected the most secure and convenient products: OTP tokens and FIDO tokens

OTP tokens are so-called hard-tokens, where the OTP token securely contains a private key. FIDO goes one step further: safer, simpler, and universally applicable.

Public-key cryptography

FIDO is based on public-key cryptography and is suitable for multiple user scenarios, including a strong first factor (passwordless), a strong second factor, and even multi-factor authentication. With these capabilities, the security key can completely replace weak static username/password with public key crypto hardware and biometric authentication to protect against phishing, session hijacking, man-in-the-middle, and malware attacks.

Privacy

The FIDO protocols have been designed from the start to protect users' privacy. The protocols do not provide information that can be used by various online services to collaborate and track a user about the services. Biometric information, if used, never leaves the user's device.

Authentication protocols

FIDO standardizes the authentication protocol used between the user and the online service. The protocol is based on standard public-key cryptography. When registering with an online service, the user's device creates a new key pair. It retains the personal key and registers the public key with the online service. Later, with authentication, the service verifies that the user owns the private key by asking him to sign a challenge. The user's private keys can only be used after they are unlocked locally on the device. Local unlocking is achieved through a user-friendly and secure action, such as entering a PIN, placing a second-factor token, or giving a fingerprint.

FIDO2- Moving the World Beyond Passwords

FIDO2 is the new FIDO standard that provides a simple and secure login for web services based on PKI technology without the complexity. Depending on the implementation in the web service, so-called password-less login can be used. This password-free login is already supported by Microsoft in some of its web services, among other things, and other service providers are expected to follow soon.

Find more about how FIDO works at the FIDO Alliance website.

FIDO from Feitian Technologies

Novaris FIDO Security has been a full distributor of Feitian security products since 2003.

Feitian Technologies has been an active member of the FIDO alliance from the beginning, becoming the first in the world to supply FIDO2 products based on biometrics. FIDO2 is an extension of the previous FIDO U2F. It provides the same level of security based on public key cryptography. FIDO2 offers comprehensive authentication options, including strong single-factor (passwordless!), strong two-factor and multi-factor authentication.