The FIDO Alliance has opened its June interoperability testing event, giving FIDO2 and FIDO UAF implementers a certification step for passwordless authentication products.

The remote testing window runs June 8-12, following a pre-testing period from June 3-7. FIDO interoperability events allow server, authenticator, and client implementers to test their products against one another, identify compatibility issues, and remain eligible for certification once conformance and interoperability requirements are met.

For FIDO2 implementations, servers test against participating authenticators, while client and authenticator implementations test against participating servers under the relevant FIDO procedures. The Alliance requires participating implementations to pass conformance testing self-validation before the interoperability event and to avoid changes between self-validation and testing.

The testing window comes as passkeys continue to move from consumer platforms into enterprise and regulated environments. The FIDO Alliance recently brought its Authenticate conference to Asia-Pacific, and SK Telecom joined the FIDO Alliance board as passkey adoption accelerated.

Passkey deployments rely on interoperability across devices, browsers, identity providers, authenticators, and relying parties. A product that works only inside one vendor’s environment does not deliver the portability and phishing resistance that FIDO standards are intended to support.

The June event also follows continued attention to implementation risks. Proofpoint recently warned of downgrade attack risks for FIDO passkeys, underscoring the need for correct policy configuration and standards-based deployments.

FIDO says implementers that pass the interoperability procedures with all other relevant participants, or show that any failures are not caused by non-conformance in their own implementation, can proceed in the certification process. Additional interoperability events are scheduled for September, with another event planned for November.

The testing process gives implementers feedback before products move into production environments where a failed authenticator, unsupported server behavior, or inconsistent metadata handling can create user lockouts or security gaps.

The FIDO Alliance maintains separate certification programs for servers, authenticators, and clients across FIDO2 and FIDO UAF specifications. Certified products are listed in the Alliance’s metadata service, which relying parties can use to verify authenticator properties during registration and authentication. The Alliance has also been developing specifications for cross-platform passkey exchange, which would allow users to move passkeys between different credential managers and platforms.


More

CSO: Two years after the OPM data breach: What government agencies must do now

In this look back at the OPM data breach, Jeremy Grant of Venable and FIDO’s…

Read More →

mHealth Intelligence: Can Behaviors Replace the Password on Mobile Health Devices?

mHealth Intelligence reports on a FIDO Alliance webinar featuring Aetna, who spoke on modern authentication…

Read More →

Health Data Management: What can healthcare providers do about the rising number of security breaches?

FIDO Alliance’s Brett McDowell and Aetna’s Jim Routh explain that, with the increasing frequency of…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.