What are FIDO Security Keys and How Do They Work?

Tue 15 Aug 2023
Home 9 Knowledge Base 9 What are FIDO Security Keys and How Do They Work?

What are FIDO Security Keys?

FIDO U2F security keys are small USB devices that enable secure login to websites and applications. They are the solution to the problem with weak passwords, Cyber hacking, phishing scams and keyloggers.

FIDO U2F [Universal Second Factor] allows online services to strengthen login security by adding a high-security second factor to user logins. Traditional logins requiring a password or PIN can be reinforced by requiring the presence of the FIDO U2F authentication dongle. The user simply needs to touch the button on the USB Key or tap an NFC/BLE enabled token using their smartphone or tablet.

How Do They Work?

FIDO U2F security keys utilize public-key cryptography to assert the identity of the user. At the point of registration with the website, or on first use of the application, the user presents the FIDO U2F device which then generates a new keypair – the public key is shared with the application, the private key is kept hidden by the device. At subsequent logins the website or application issues a challenge which the device signs internally using the private key. The device will only perform the signature after the user has ‘unlocked’ the device (e.g., by touching the button on the device). The application then verifies the returned signature using the previously shared public key.

The FIDO U2F protocol enables these devices to be used as a second factor at login. Developed by the FIDO Alliance, an industry consortium whose members include Google, Microsoft, Samsung, PayPal, MasterCard, Visa and RSA Security, FIDO U2F is gaining rapid support across the industry.

How Do I Use Them?

On their own, FIDO U2F tokens can be used with services that already support them such as Google Accounts, Dropbox  and GitHub.

Related Posts

FIDO U2F Setup Guide for Online Services and Applications

This PDF provides a guide for end-users to enable Two-factor authentication for specific ...

Troubleshooting FEITIAN security keys

Check if the key is powered - if the key is inserted to a USB port, check to see if the LED is ...
Achieving FedRAMP Compliance with FEITIAN Technologies

Achieving FedRAMP Compliance with FEITIAN Technologies

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide ...
Enterprise Security

Stay in the know

Join our community of security-conscious individuals and organizations who prioritize safeguarding their sensitive data. Stay informed about the latest advancements in cyber-physical technology and discover how FEITIAN can empower you to take control of your digital security.

"*" indicates required fields

Full Name*