Overview
FIDO2 is the latest generation of the FIDO Alliance's authentication standards. it allows users to leverage common devices (like smartphones or security keys) to easily authenticate to online services in both mobile and desktop environments.
Components
- WebAuthn: A standard web API that allows browsers to communicate with authenticators.
- CTAP (Client to Authenticator Protocol): Allows an external authenticator (like a USB key) to communicate with a client device (like a laptop).
Why it's Secure
FIDO2 uses public-key cryptography. The private key never leaves the user's device, and the authentication process is tied to the specific domain of the website, making it immune to phishing.