FIDO Platform Authenticators

2021-04-29 5 minutes to read
Tutorial Index

What is FIDO

Fast Identity Online (FIDO) describes a set of open authentication standards for passwordless authentication. The FIDO Alliance, a group of technology companies, developed FIDO for their authentication method. FIDO can be used with integrated platform authenticators like Windows Hello and Apple Touch ID (authenticators that are integrated with a device for example a MacBook or Windows Laptop), hardware security Token (for example YubiKey), with a mobile App.

How does FIDO work

FIDO SDKs can be integrated in the user interface to allow for passwordless authentication for both mobile and web logins, or as an additional protection for username/password authentications (two-step authentication). FIDO uses a challenge response authentication (just like SecSign does) to secure the authentication and offer a secure and convenient passwordless login.



The user can provide a FIDO Token of his choice during the login. This could be an OS integrated authenticator like Windows Hello or biometric authentication with Apple OSX.

What FIDO devices are available?

There are two options to authenticate with FIDO devices: Platform authenticators or Hardware Token.

Hardware Token

Hardware Token are – as the name suggests – hardware devices that can be used to authenticate. The hardware device can, for example, be an USB device. The authentication is verified via a challenge-response authentication. One example for Authentication Token is a YubiKey.

Platform Authenticators

Platform authenticators are authentication options that are integrated in the specific OS, for example Windows Hello for Windows devices or Face ID/ Touch ID for Apple devices.
No additional hardware device is required with this kind of authentication, the verification of the user is performed on the device the login is executed on.

Make sure you never run out of options

How does FIDO integrate with SecSign?

SecSign Authentication doesn’t limit your users to one mode of 2FA, like other providers.
We recommend the intuitive and safer SecSign ID touch Authentication, but we know that in some cases, you just need something else.
With the SecSign ID plugins you can choose which authentication methods you want your users to perform – or have them choose during login. No cell reception? Lost your FIDO device? Forgot your phone? Logging in from a public device?
No problem with the SecSign ID multiple Authentication option.



How to manage authentication options with the SecSign ID IdM Server

The SecSign ID IdM Server offers a convenient and secure passwordless Single-Sign on (SSO) Login process across all platforms.

After authenticating with their FIDO device, FIDO application or smart phone app, the user can access all services the administrator released for him.
Alternatively, the user can log in with a different authentication method (OTP, SecSign ID), if the administrator activated this option for him.
More information about SecSign ID SSO is available here.

Your own ID-Server

On premise installations of SecSign ID offer the flexibility to connect with your preferred servers, services, and devices. And you can customize the SecSign ID with your own organization’s branding.

Learn More
On Premise 2FA ID

Latest Blog Posts, Updates & Features

Two-Factor Authentication with Fido2 / WebAuth

The FIDO2 Project is a set of standards developed by the FIDO Alliance and the World Wide Web Consortium (W3C) to create a strong authentication protocol for the web. It consist mainly of the WebAuth standard for the browser part ...

Mehr Lesen

Protecting the Home Office VPN with 2FA

In the recent weeks, home office work has increased potentially. And while employees are practicing social distancing from their home computer, attackers are working hard to exploit security issues in this situation that is unfami ...

Mehr Lesen

Two-Factor Authentication (2FA) vs. Two-Step Authentication (2SA)

Two-Factor Authentication and Two-Step Authentication are two options for secure authentication of users. Either one can be a good fit for your setup depending on your requirements and preferences. What is Two-Factor Authenti ...

Mehr Lesen
SecSign 2FA