The FIDO Alliance’s user authentication certification programs ensure that authentication products adhere to FIDO user authentication specifications for conformance, security, and interoperability – enabling trusted sign-ins with passkey at scale.
The following image illustrates the certifiable components that FIDO authentication relies on, including authenticators, servers, and biometric components.
When a passkey is created, a private key dedicated to one app is created and the corresponding public key is stored on the service provider’s FIDO server. To sign in, users verify themselves via their device’s built-in security features, such as a biometric. This verification is communicated to the authenticator, which then communicates with the server to complete the challenge/response process.
Certifiable Authentication Products
Authenticators
Hardware authenticators (form factors such as security keys, cards, and wearables)
- Conforming to FIDO2, U2F specifications
- Must be certified to at least Authenticator Certification Level 1 (L1)
Software authenticators (applications built to FIDO UAF or FIDO2 specifications)
- Conforming to UAF and FIDO2 specifications
- Must be certified to at least Authenticator Certification Level 1 (L1)
- Both hardware and software authenticators can be certified to higher security levels. Refer to Certified Authenticator Levels for more info
Servers
- Conforming to FIDO2 and UAF specifications
- Functional certification only
Refer to FIDO Certification for more information on the available certification programs.
Why FIDO User Authentication Certification Matters
For vendors:
Build trust in passkey sign-ins: Certification demonstrates that your product supports secure, phishing-resistant authentication using FIDO standards-based passkeys.
Ensure interoperability across the passkey ecosystem: Certified products work seamlessly across platforms, devices and services that support FIDO-based passkey authentication.
Reduce risk from phishing and credential theft: FIDO standards eliminate shared secrets, significantly reducing the risk of account takeover.
Accelerate passkey adoption: Certification helps meet enterprise requirements and removes friction in deploying passkey-based authentication.
Prove product readiness: Independent testing ensures your passkey implementation performs reliably in real-world environments.
Align with the future of authentication: Passkeys, built on FIDO standards, are rapidly becoming the default for modern sign-in experiences.
For businesses implementing passkeys:
Reduce authentication risk: Certified solutions are validated to protect against phishing and account takeover attacks.
Ensure cross-platform compatibility: Deploy passkeys that work across browsers, operating systems and devices.
Simplify vendor evaluation: Certification provides a trusted baseline, reducing the need to validate security claims independently.
Deploy passkeys with confidence: Tested interoperability and performance reduce integration challenges and rollout risk.
Future-proof authentication investments: Align with industry standards driving the shift to passwordless authentication.
Deliver better user experiences: Enable fast, simple sign-ins with passkeys – without compromising security.
Get Started with FIDO Certification Programs for User Authentication
- Functional Certification for authenticators and clients – allows members and non-members to measure compliance and ensure interoperability among authenticator and client products and services that support FIDO specifications.
- Functional Certification for servers – allows members and non-members to measure compliance and ensure interoperability among server products and services that support FIDO specifications.
- Biometric Component Certification – is the first program that tests biometrics for identity verification and is renowned for certification credibility in the industry.
