Passwordless (FIDO2) Part 1 — What is FIDO2?
Background
Recently I heard about FIDO2, a passwordless web authentication method. As a UX Designer, I am curious to understand more about Passwordless (FIDO2) in the following areas:
- What is FIDO2?
- User review. What do users at different tech levels (i.e. non-tech, semi-tech and tech) think about FIDO2? (coming soon…)
- What are the challenges in designing for and adopting FIDO2? (coming soon…)
Password
- According to the FIDO Alliance, each user has more than 90 online accounts.
- ⅓ of online purchases are abandoned due to forgotten passwords.
- What if we don’t need a password to access our accounts? Time to think beyond passwords.
FIDO2
FIDO2 authenticators = a passwordless way to access accounts in web browsers
FIDO2 is a passwordless web authentication method which aims to provide a simpler and stronger authentication option for users. Users can access their accounts in the browser using biometrics, security keys (U2F) and more.
“Protects against phishing, man-in-the-middle and attacks using stolen credentials.”
How does it work?
- Set up FIDO2 (if the user didn’t set it up previously)
- Once users set up an account, they can then sign in with the user ID
- The browser will ask the user to show their FIDO2 authenticator to get access to their account
- Signed in seamlessly. Magic!
Why is FIDO2 more secure?
- According to the FIDO Alliance, “FIDO2 cryptographic login credentials are unique across every website, never leave the user’s device and are never stored on a server. This security model eliminates the risks of phishing, all forms of password theft and replay attacks.”
- Users are forgetful. FIDO2 authenticators can reduce reliance on users setting weak passwords and remembering passwords.
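To make the sign-in steps and the security claims above concrete, here is a simplified model of the check a website performs during a FIDO2 (WebAuthn) sign-in. It is an added example, not code from the FIDO Alliance or from the original post. Assumptions: the site names are constructed, the rpId is taken to be the origin's hostname, and the authenticator data is reduced to the rpId hash.

```javascript
// Added example: simplified model of a FIDO2 (WebAuthn) sign-in. Names and values are constructed.
const crypto = require('crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
const newChallenge = () => crypto.randomBytes(32).toString('hex'); // one per sign-in attempt

// Setup step: the authenticator creates a key pair for this one website (rpId).
// The private key stays in the authenticator; the website receives only the public key.
function register(authenticator, rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  authenticator.set(rpId, privateKey);
  return publicKey;
}

// Sign-in, user's device: the browser records the origin it is really on and the
// authenticator signs with the key for that site, if it has one.
// Assumption: rpId is the origin's hostname.
function signAssertion(authenticator, challenge, origin) {
  const rpId = new URL(origin).hostname;
  const privateKey = authenticator.get(rpId);
  if (!privateKey) return null; // no credential for this site, e.g. a look-alike domain
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const authenticatorData = sha256(rpId); // real authenticator data also carries flags and a counter
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Sign-in, website: accept only a fresh challenge, the expected origin and a valid signature.
function verifyAssertion(expected, publicKey, assertion) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString());
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expected.challenge) return 'stale challenge';
  if (clientData.origin !== expected.origin) return 'wrong origin';
  if (!assertion.authenticatorData.equals(sha256(expected.rpId))) return 'wrong rpId';
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, assertion.signature) ? 'ok' : 'bad signature';
}

// Constructed walk-through: a normal sign-in, a replayed response, a look-alike site.
const site = { rpId: 'bank.example', origin: 'https://bank.example' };
const securityKey = new Map();
const sitePublicKey = register(securityKey, site.rpId);
const challenge = newChallenge();
const response = signAssertion(securityKey, challenge, site.origin);
console.log(verifyAssertion({ ...site, challenge }, sitePublicKey, response));
console.log(verifyAssertion({ ...site, challenge: newChallenge() }, sitePublicKey, response));
console.log(signAssertion(securityKey, newChallenge(), 'https://bank-login.example'));
```

The three printed results correspond to a successful sign-in, a captured response replayed against a later challenge, and a look-alike domain for which the authenticator has no credential to use.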