FIDO2 Web Authentication
FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. It is based on Universal 2nd Factor (U2F), an open authentication standard that strengthens and simplifies two-factor authentication (2FA) using specialized USB-based security technology found in smart cards.
FIDO2 uses end-to-end cryptography to ensure that only a legitimate user can trigger the second-factor challenge, and it eliminates the possibility of an attacker bypassing MFA to gain access to an account.
FIDO2 devices create the key pairs and store all the private keys. Only the public keys are stored by the website.
The U2F device generates a digital signature with the private key within the secure element and returns the digital signature and an incrementing counter value.
Strong Security: Strong two-factor authentication using public key crypto that protects against phishing, session hijacking, man-in-the-middle, and malware attacks.
Prerequisites to Configure FIDO2 Passwordless Authentication
1. The cidaas Authenticator app should be installed and set up for your account on your mobile.
2. FIDO2 should be enabled by the admin under Multifactor Settings in the admin dashboard.
3. In the Admin Dashboard, under Apps > App Settings > Edit App > Advance Settings > Authentication, FIDO2 should be added to the Authentication field.
Always ask for 2FA must be enabled to configure FIDO2 for two-step verification.
Configuring FIDO2 Passwordless Authentication
FIDO2 can be set as a passwordless authentication method during login on the user portal.
To configure it, follow these steps:
1. Register using either your email ID/mobile number/user name by clicking the relevant tab, providing your credentials, and tapping the arrow button.
2. Provide the password and click the Register button to complete registration.
3. Once registered, log in to your account on your desktop or laptop, and tap the Login & Security tile.
4. On the Login & Security page, click Configure for the BACKUP CODE multifactor authentication method. This will display the backup codes on the screen.
On the cidaas Admin Dashboard, you can configure FIDO2 under Physical Verification Setup with the following steps:
1. Click the profile icon > My Account, on the admin dashboard.
2. Click Physical Verification Setup to view the FIDO Webauthn tile under Setup physical verification.
3. Click the edit icon to configure FIDO.
4. The following window appears for FIDO setup.
5. Connect your Security Key to your computer’s USB port. Once connected, tap the button or the key symbol.
The user’s device creates a new public/private key pair that is unique to the local device and the online service and is associated with the user’s account, as shown in the screen below:
The public key is sent to the online service and is associated with the user’s account while the private key, and any information about the local authentication method (such as biometric measurements or templates) stays on the local device.
6. Once connected, touch the key icon chip to activate the private/public key.
7. Click Configure. The following screen gets displayed.
8. Touch the key icon chip with your finger, which will display the following screen.
9. Click Done to complete the configuration.
The FIDO2 option is automatically moved under the Configured Authentication Types section.
Congratulations! FIDO webauthn has been configured for your account.
Logging in using FIDO2
On the Login page, follow these steps:
- Tap on “Click here for passwordless authentication.”
- Type in your email ID.
- Click Proceed.
- Select Fido U2F to log in.
- Touch the key icon chip with your finger.
- Once touched, the device uses the user’s account identifier provided by the service to select the correct key and sign the service’s challenge.
- The client device sends the signed challenge back to the service, which verifies it with the stored public key and logs in the user after successful verification.
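The verification step described above, together with the incrementing counter the device returns, as an added example that is not cidaas code and not part of the original page: a Node.js service-side check using only the built-in crypto module. `RP_ID`, `ORIGIN`, `signAssertion` and `verifyAssertion` are names assumed for illustration, and the key pair and assertion are constructed in place of a real security key.

```javascript
const nodeCrypto = require('node:crypto');
const sha256 = (d) => nodeCrypto.createHash('sha256').update(d).digest();

// Constructed sample values (assumptions, not cidaas settings).
const RP_ID = 'login.example.test';
const ORIGIN = 'https://login.example.test';

// Stand-in for the security key: signs authenticatorData || SHA-256(clientDataJSON).
function signAssertion(privateKey, challenge, origin, counter) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = Buffer.alloc(37);      // rpIdHash(32) | flags(1) | signCount(4)
  sha256(RP_ID).copy(authData, 0);
  authData[32] = 0x01;                    // UP flag: the user touched the key
  authData.writeUInt32BE(counter, 33);
  const signature = nodeCrypto.sign('sha256',
    Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature };
}

// Service side: returns the new counter to store, or throws on the first failed check.
function verifyAssertion(a, stored, expectedChallenge) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') throw new Error('wrong ceremony type');
  if (client.challenge !== expectedChallenge.toString('base64url')) throw new Error('challenge mismatch');
  if (client.origin !== ORIGIN) throw new Error('origin mismatch');
  if (a.authData.length < 37) throw new Error('authenticator data too short');
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) throw new Error('rpIdHash mismatch');
  if ((a.authData[32] & 0x01) === 0) throw new Error('user presence flag not set');
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  if (!nodeCrypto.verify('sha256', signed, stored.publicKey, a.signature)) throw new Error('bad signature');
  const counter = a.authData.readUInt32BE(33);
  // A counter that fails to increase points to a cloned key or a replayed response.
  if ((counter !== 0 || stored.counter !== 0) && counter <= stored.counter) throw new Error('counter did not increase');
  return counter;
}

// Constructed demo: register a key pair, issue a challenge, sign it, verify it.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const challenge = nodeCrypto.randomBytes(32);
const assertion = signAssertion(privateKey, challenge, ORIGIN, 5);
console.log('new counter:', verifyAssertion(assertion, { publicKey, counter: 4 }, challenge));
```

The origin and challenge checks are what make a response captured on a look-alike site or in an earlier session useless to the real service, and the counter check flags a duplicated key.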
Should you have any questions or need further assistance with configuring passwordless authentication using FIDO2, please contact our support team.
We'll be happy to help. Thank you!