FIDO and FIDO2 Security Keys

Device-bound Passkeys for Strong Passwordless Authentication

 

What is FIDO and why use it?

FIDO2 is the umbrella term for the FIDO Alliance's newest set of specifications. FIDO2 authentication enables users to capitalize on common devices to authenticate quickly and securely to online services in both desktop and mobile environments. FIDO authentication is the industry's solution to the global password challenge and addresses all of the concerns of traditional authentication.

To reduce risk to your Windows logon, SaaS applications, users with high privilege and users in general, Thales supports FIDO passwordless authentication using multi-factor authentication (MFA) hardware devices.

Switching to a Passwordless world – What is passwordless authentication?

Accessing apps or IT systems without a password or security questions, by replacing passwords with FIDO-compliant devices, introduces a modern passwordless MFA experience that is resistant to phishing attacks and account takeovers, and enables compliance. Enjoy a passwordless authentication solution with presence detection, which creates a third factor of authentication: something you have (physical token), something you know (PIN), something you do (touching token edge).

Thales multi-factor authentication devices use current and emerging protocols to support multiple applications at the same time. Use one security key that combines support for FIDO2, WebAuthn, U2F, and PKI to access both physical spaces and logical resources.

FIDO Authentication Solutions

 


SafeNet IDPrime FIDO Bio Smart Card - New Authentication Experience with a biometric and NFC card

Combining biometrics and NFC, the innovative SafeNet IDPrime FIDO Bio Smart Card allows end users to authenticate from multiple types of devices securely and easily, with just a fingerprint instead of a password.

Get more information about SafeNet IDPrime FIDO Bio Smart Card

 


One Device for FIDO & PKI or FIDO & Physical Access

Extend Modern Authentication to PKI Environments - Organizations that rely on PKI authentication can now use a combined PKI-FIDO smart card and USB tokens to facilitate their cloud and digital transformation initiatives by providing their users with a single authentication device for securing access to legacy apps, network domains and cloud services.

Physical Access - For optimum convenience, Thales FIDO smart cards support physical access enabling users to access both physical spaces and logical resources with a single customizable smart card.

SafeNet IDPrime 3930 FIDO


SafeNet IDPrime 3930 FIDO is FIPS 140-2 Level 2 certified for the combined Java platform and PKI applet.

SafeNet IDPrime 3940 FIDO


SafeNet IDPrime 3940 FIDO is CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform and PKI applet. This smart card is also compliant with eIDAS regulations and has obtained the French “Qualification Renforcée” from ANSSI.

SafeNet IDPrime 941 FIDO and SafeNet IDPrime 931 FIDO cards combine physical access, PKI and FIDO use cases in one device and enable FIDO authentication on mobile devices thanks to NFC.

SafeNet IDPrime 941 FIDO


SafeNet IDPrime 941 FIDO is qualified for both eSignature and eSeal applications and is Common Criteria certified.

SafeNet IDPrime 931 FIDO


SafeNet IDPrime 931 FIDO is qualified for both eSignature and eSeal applications and is FIPS 140-2 Level 2 for the combined Java platform and PKI applet.

SafeNet IDCore 3121 FIDO


The SafeNet IDCore 3121 FIDO is a physical access smart card with FIDO. This contactless smart card allows communication via a contactless ISO14443 interface and is also compatible with NFC readers.

USB Token with Touch Sense Options

 

FIDO Tokens with Touch Sense Options

SafeNet eToken Fusion Series

The SafeNet eToken Fusion Series enables organizations to use passwordless, phishing-resistant authentication methods, improving security for enterprise resources accessed from any device. This series allows presence detection and supports all PKI and FIDO use cases. The SafeNet eToken Fusion Series includes an option with CC certification.

SafeNet eToken Fusion is available in two form factors: USB-A and USB-C. The USB-C form factor enables users to authenticate to any cloud resources by plugging this token into their mobile devices (phones/tablets).


SafeNet eToken FIDO

The SafeNet eToken FIDO is a USB token, an ideal solution for enterprises looking to deploy passwordless authentication for employees. This FIDO authenticator is a compact, tamper-evident USB token with presence detection, which creates a third factor of authentication: something you have (physical token), something you know (PIN), something you do (touching the token).

 

Thales and Microsoft partner to provide Microsoft Azure AD customers with FIDO and CBA phishing-resistant authentication

With the new Azure AD cloud-native CBA support, Microsoft customers can use Thales X.509 certificate-based Tokens, Smart cards, and FIDO authenticators for all their identity protection needs. By supporting multiple use cases (PKI, CBA, FIDO2 authentication, physical access) in a single device, Thales allows organizations to extend high assurance access to the cloud while building on their existing environments.


Full integration with MS Azure AD

To address customer needs for FIDO, phishing-resistant authentication for Azure AD managed resources, Thales is offering a Microsoft-verified and tested USB FIDO security key. The Thales key and other Thales FIDO devices are fully compatible and integrated with Azure AD. They are ideal for protecting cloud services and on-premises applications.

Learn more about Thales FIDO2 Authentication for Azure AD in our solution brief and combine Microsoft Azure AD with Thales FIDO authenticators to reduce security breaches and meet US / EU regulations.


Passwordless FIDO authentication with Thales and Microsoft

  • Thales FIDO2 Benefits
  • IDP Compatibility with FIDO Security

Best in class security

  • Thales controls the entire manufacturing cycle and develops its own FIDO crypto libraries, which reduces the risk of being compromised.

Support for multiple use cases

  • Combine FIDO, PKI and physical access in a single device
  • Experience strong authentication from mobile endpoints

Superior certifications

  • U2F and FIDO2 certified
  • Compliant with US and EU regulations for phishing-resistant authentication
  • FIPS and CC certified for PKI operations

Robustness & Scalability for a long life duration

  • Hard molded plastic, tamper-evident USB FIDO keys
  • No damage to USB ports thanks to sensitive presence detector
  • Support for firmware updates for better maintenance and upgradability

All Thales FIDO security keys are FIDO2 and U2F FIDO certified, and compatible with any IDPs that support the FIDO2 standard.

Tested IDPs include:

  • Thales SafeNet Trusted Access
  • Microsoft Azure Active Directory, now part of Entra
  • AWS Identity and Access Management (IAM)
  • ForgeRock Access Management (Identity Platform)
  • Intercede MyID
  • Versasec vSEC:CMS
  • Silverfort Unified Identity Platform

Recommended Resources

Conquer Phishing Attacks with Strong Authentication - Thales and Microsoft

In this webcast, Matthew Isbell @ Microsoft and Gregory Vigroux @ Thales discuss new regulations for strong and phishing-resistant authentication and how to meet them by combining Azure AD CBA and authentication strengths capabilities with Thales PKI/FIDO authenticators.

How to install a FIDO token in your Microsoft environment

Please make sure your IT team has activated the “security key” option in Azure Active Directory.

Top 5 Reasons Choosing FIDO2 Devices for Enterprise Authentication

FIDO authentication has gained traction as a modern form of MFA because of its considerable benefits in easing the login experience for users. It also overcomes the inherent vulnerabilities of text-based passwords.

Thales Passwordless FIDO2 Authentication for Azure AD, part of Microsoft Entra

As users log into an increasing number of cloud-based applications, weak passwords are emerging as the primary cause of identity theft and security breaches.

Thales FIDO2 Security Keys

Organizations expanding their digital transformation are moving applications and data to the cloud to enable accessibility from anywhere and decrease operating costs. As users log in to an increasing number of cloud-based applications, weak passwords are emerging as the primary cause of identity theft and security breaches.

Top 5 Reasons choosing SafeNet eToken Fusion Series - Infographic

FIDO authentication has gained traction as a modern form of MFA due to its benefits in easing the end-user login experience and overcoming password vulnerabilities. Here are the top five reasons why you should consider SafeNet eToken Fusion security keys.