Why are standards important?
Open industry standards assure that existing and future products and offerings are compatible and that anyone can evaluate the technology. Users can depend on their FIDO devices working wherever FIDO authentication is supported. Service providers and enterprises can accommodate various devices and services without having to make new investments or reverting to proprietary configurations.
Similar to the development of WiFi, Bluetooth, NFC, and other standards, FIDO is developing a new set of industry protocols. Any device manufacturer, software developer and/or online service provider can build support for FIDO protocols into their existing products and services to make online authentication simpler and stronger for their users. With the goal of standardization, the FIDO ecosystem can grow and scale by means of the “net effect”, where any new implementation of the standards will be able to immediately interoperate with any other implementation without the need for any pre-established arrangement between device developer and service provider.
What’s the difference between U2F and UAF? Why two separate standards?
How can I be sure that the product I’m buying conforms to FIDO standards?
Has FIDO made implementation rights available to anyone?
Is one FIDO token/dongle/device better than another? How can I choose which to buy?
FIDO specifications are device-agnostic and support a full range of authentication technologies, including U2F tokens and biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as PIN or pattern-protected microSD cards. FIDO specifications will also enable existing solutions and communications standards, such as Trusted Platform Module (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC). Because FIDO specifications are open, they are designed to be extensible and to accommodate future innovation, as well as protect existing investments.
FIDO specifications allow users a broad range of choice in devices that meet their needs or preferences, as well as those of service providers, online merchants, or enterprises where users must authenticate.
Will the FIDO 1.0 specs enable anyone to begin using the specs to develop and offer FIDO certified products?
What does FIDO Ready mean? And FIDO Certified?
What has changed since the draft release of the specifications in February?
For FIDO U2F, the changes can be summarized as: 1) Switch to USB HID as the transport from WinUSB; 2) Updates to the webAPI syntax; 3) Addition of AppID checking to allow app/URL key sharing.
For FIDO UAF, a high-level summary is: 1) Detail-level evolution and refinement; 2) Addition of Metadata Service specification; 3) Addition of AppID checking to allow app/URL key sharing.