Today, secure access to online applications and services has evolved into a model based on devices, public key cryptography and biometrics to replace the anachronistic use of passwords as shared secrets. Since 2013, the FIDO Alliance has developed open and scalable advancements to eliminate phishing and other security attacks. To introduce these improvements and to educate employees throughout corporate management and IT security, FIDO Alliance has developed a series of best practices and how-to white papers that match the Alliance’s goals with the responsibilities and titles of technology professionals. This work is dedicated to eliminating passwords and securing the simple act of logging on within all companies. 

A FIDO server is a necessary component in a FIDO implementation. The FIDO server stores the user’s public key credential and account information. During a FIDO Authentication or registration flow, the server generates a cryptographic challenge in response to a request from the application. The server then verifies the signature provided by the client using the server’s corresponding public key, and logs the user in. 

This white paper is intended for IT professionals and identity architects to guide them in choosing the right FIDO server implementation and deployment architecture when integrating and enabling FIDO-based authentication in enterprise applications. Enterprises must consider several factors in their planning to select and deploy a FIDO server, including build vs. buy assessment (and the risks and benefits associated with each), the desired deployment model, the required server capabilities, and the security and privacy requirements. 


White Paper: FIDO Attestation: Enhancing Trust, Privacy, and Interoperability in Passwordless Authentication

This document intends to provide a comprehensive understanding of attestation’s role in enhancing and advancing…

Read More →

White Paper: Synced Passkey Deployment: Emerging Practices for Consumer Use Cases

This paper explores the emerging practices surrounding the use of synced passkeys which allow passkey…

Read More →

White Paper: Addressing FIDO Alliance’s Technologies in Post Quantum World

There has been considerable press, a number of papers, and several formal initiatives concerned with…

Read More →

12314 Next