FIDO

Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication (2FA) using specialized USB based security technology found in smart cards.

FIDO U2F devices are used to create the key pairs and “store” all the private keys. Only the public keys are stored by the website.

The U2F device generates a digital signature with the private key within the secure element and returns the digital signature and an incrementing counter value.

Strong Security: Strong two-factor authentication using public key crypto that protects against phishing, session hijacking, man-in-the-middle, and malware attacks.

Note As of now FIDO supports google **chrome**.

FIDO Configuration

Step 1

On cidaas user profile page, go to Physical Verification Setup and select Configure button seen under the FIDO U2F option

Step 2

Insert the FIDO security key in the USB port or connect with USB cable. The user’s device creates a new public/private key pair unique to the local device, online service and associated with the user’s account as in the below screen:

Public key is sent to the online service and is associated with the user’s account. The private key and any information about the local authentication method (such as biometric measurements or templates) never leave the local device.

Step 3

Once connected, touch on the key icon chip to activate, if your key is one of them (private/public key)

Step 4

Click “Configure” button, from the user portal -> physical verification setup, the below screen gets displayed:

Step 5

Touch your finger on the key icon chip, The below screen gets displayed:

Step 6

Click on Done button, The configured Fido U2f is available under the Configured Authentication Types:

FIDO U2F – Usage

Step 1

During login, select “Click here for passwordless authentication, Enter your email ID and click Proceed. Select Fido U2F to login.

Step 2

Click on “Fido U2F”, touch your finger on the key icon chip. After the key icon is touched, the device uses the user’s account identifier provided by the service to select the correct key and sign the service’s challenge.

Client device sends the signed challenge back to the service, which verifies it with the stored public key and logs in the user

Step 3

You have now successfully logged in to the application/web portal.

results matching ""

    No results matching ""