What is FIDO2?
An open authentication standard that combines WebAuthn and CTAP protocols to enable passwordless and phishing-resistant login.
FIDO2 is the umbrella term for the modern passwordless authentication standard, maintained by the FIDO Alliance.
Components
- WebAuthn: The browser/server API (W3C standard)
- CTAP2: Client to Authenticator Protocol — how the browser talks to hardware keys
Why It Matters
- Phishing is the #1 attack vector, and FIDO2 removes the phishable secret: there is no password or one-time code for a user to hand over, and the signed response is bound to the site that requested it
- Credentials are cryptographically bound to the legitimate website
- A phishing site cannot request or use your FIDO2 credentials
Supported Authenticators
- YubiKey 5 series
- Google Titan Security Key
- Nitrokey FIDO2
- Windows Hello
- Apple Face ID / Touch ID
- Android biometrics
Adoption
Google, Microsoft, Apple, and most major platforms support FIDO2. Many organizations are mandating it for employee authentication.
Related Terms
Hardware Security Key
A physical device used for authentication that provides the strongest form of two-factor authentication. Hardware keys resist phishing because each credential is bound to the legitimate site's origin: the browser scopes every request to that origin and includes it in the signed data, so a lookalike domain cannot obtain a response that the real site will accept.
Passkey
A passwordless authentication method using public-key cryptography, typically stored on your device and protected by biometrics or device PIN. Passkeys are phishing-resistant and designed to replace passwords entirely.
Two-Factor Authentication
A security method requiring two different types of identification to access an account: something you know (password) plus something you have (phone, hardware key) or something you are (biometric). This significantly reduces the risk of unauthorized access even if your password is compromised.
WebAuthn
A web standard that enables passwordless authentication using hardware security keys, biometrics, or platform authenticators.