FIDO and FIDO2 Devices
Strong Passwordless Authentication
What is FIDO and why use it?
FIDO2 is the umbrella term for FIDO Alliance's newest set of specifications. FIDO2 authentication enables users to capitalize on common devices to authenticate quickly and securely to online services in both desktop and mobile environments. FIDO authentication is the industry's solution to the global password challenge and addresses all of the concerns of traditional authentication.
To reduce risk to your Windows logon, SaaS applications, users with high privilege and users in general, Thales supports FIDO passwordless authentication using multi-factor authentication (MFA) hardware devices.
Switching to a Passwordless world – What is passwordless authentication?
Accessing apps or IT systems without using a password or security questions by replacing passwords with FIDO compliant devices introduces a modern passwordless MFA experience that is resistant to phishing attacks and account takeovers, and enables compliance. Enjoy a passwordless authentication solution with presence detection, which creates a third factor of authentication: Something you have (physical token), something you know (PIN), something you do (touching token edge).
Thales multi-factor authentication devices use current and emerging protocols to support multiple applications at the same time. Use one security key that combines support for FIDO2, WebAuthn, U2F, and PKI to access both physical spaces and logical resources.
FIDO Authentication Solutions
One Device for FIDO & PKI or FIDO & Physical Access
Extend Modern Authentication to PKI Environments - Organizations that rely on PKI authentication can now use a combined PKI-FIDO smart card and USB tokens to facilitate their cloud and digital transformation initiatives by providing their users with a single authentication device for securing access to legacy apps, network domains and cloud services.
Physical Access - For optimum convenience, Thales FIDO smart cards support physical access enabling users to access both physical spaces and logical resources with a single customizable smart card.
SafeNet IDPrime 3930 FIDO
SafeNet IDPrime 3930 FIDO is FIPS 140-2 Level 2 certified for the combined Java platform and PKI applet.
SafeNet IDPrime 3940 FIDO
SafeNet IDPrime 3940 FIDO is CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform and PKI applet. This smart card is also compliant with eIDAS regulations and has obtained the French “Qualification Renforcée” from ANSSI.
SafeNet IDPrime 941 FIDO and SafeNet IDPrime 931 FIDO cards combine physical access, PKI and FIDO use cases in one device and enable FIDO authentication on mobile devices thanks to NFC.
SafeNet IDPrime 941 FIDO
SafeNet IDPrime 941 FIDO is qualified for both eSignature and eSeal applications and is Common Criteria certified.
SafeNet IDPrime 931 FIDO
SafeNet IDPrime 931 FIDO is qualified for both eSignature and eSeal applications and is FIPS 140-2 Level 2 for the combined Java platform and PKI applet.
SafeNet IDCore 3121 FIDO
The SafeNet IDCore 3121 FIDO is a physical access smart card with FIDO. This contactless smart card allows communication via a contactless ISO14443 interface and is also compatible with NFC readers.
FIDO Tokens with Touch Sense Options
SafeNet eToken Fusion Series
The SafeNet eToken Fusion Series enables organizations to utilize passwordless phishing-resistant authentication methods improving security for enterprise resources accessed from any device. This series allows presence detection and supports all PKI and FIDO use cases. The SafeNet eToken Fusion Series includes an option with CC certification.
SafeNet eToken Fusion is available in two form factors: USB-A and USB-C. The USB-C form factor enables users to authenticate to any cloud resources by plugging this token to their mobile devices (phone/tablets).
SafeNet eToken FIDO
The SafeNet eToken FIDO is a USB token, an ideal solution for enterprises looking to deploy passwordless authentication for employees. This FIDO authenticator is a compact, tamper-evident USB with presence detection, which creates a third factor of authentication: Something you have (physical token), something you know (PIN), something you do (touching the token).
Thales and Microsoft partner to provide Microsoft Azure AD customers with FIDO and CBA phishing-resistant authentication
With the new Azure AD cloud-native CBA support, Microsoft customers can use Thales X.509 certificate-based Tokens, Smart cards, and FIDO authenticators for all their identity protection needs. By supporting multiple use cases (PKI, CBA, FIDO2 authentication, physical access) in a single device, Thales allows organizations to extend high assurance access to the cloud while building on their existing environments.
Full integration with MS Azure AD
To address customer needs for FIDO, phishing-resistant authentication for Azure AD managed resources, Thales is offering a Microsoft-verified and tested USB FIDO security key. The Thales key and other Thales FIDO devices are fully compatible and integrated with Azure AD. They are ideal for protecting cloud services and on-premises applications.
Learn more about Thales FIDO2 Authentication for Azure AD in our solution brief and combine Microsoft Azure AD with Thales FIDO authenticators to reduce security breaches and meet US / EU regulations.
Thales FIDO Devices
Passwordless FIDO authentication
with Thales and Microsoft
- Thales FIDO2 Benefits
- IDP Compatibility with FIDO Security
Best in class security
- Thales controls the entire manufacturing cycle and develops its own FIDO crypto libraries, which reduces the risk of being compromised.
Support for multiple use cases
- Combine FIDO, PKI and physical access in a single device
- Experience a strong authentication from mobile endpoints
Superior certifications
- U2F and FIDO2 certified
- Compliant with US and EU regulations for phishing-resistant authentication
- FIPS and CC certified for PKI operations
Robustness & Scalability for a long life duration
- Hard molded plastic, tamper evident USB FIDO keys
- No damage to USB ports thanks to sensitive presence detector
- Support for firmware updates for better maintenance and upgradability
All Thales FIDO security keys are FIDO2 and U2F FIDO certified, and compatible with any IDPs that support the FIDO2 standard.
Tested IDPs include:
- Thales SafeNet Trusted Access
- Microsoft Azure Active Directory, now Part of Entra
- AWS Identity and Access Management (IAM)
- ForgeRock Access Management (Identity Platform)
- Intercede MyID
- Versasec vSEC:CMS
- Silverfort Unified Identity Platform
Recommended Resources
Conquer Phishing Attacks with Strong Authentication - Thales and Microsoft
In this Webcast, Matthew Isbell @ Microsoft and Gregory Vigroux @ Thales discussed about new regulations for strong and phishing-resistant authentication and how to meet them by combining Azure AD CBA and authentication strengths capabilities with Thales PKI/FIDO authenticators.
How to install a FIDO token in your Microsoft environment
Please make sure your IT team has activated the “security key” option in Azure Active Directory.
Top 5 Reasons Choosing FIDO2 Devices for Enterprise Authentication
FIDO authentication has gained traction as a modern form of MFA because of its considerable benefits in easing the log in experience for users. It also overcomes the inherent vulnerabilities of text-based passwords.
Thales Passwordless FIDO2 Authentication for Azure AD, part of Microsoft Entra
As users log into an increasing number of cloud-based applications, weak passwords are emerging as the primary cause of identity theft and security breaches.
SafeNet FIDO2 Passwordless Devices
Organizations expanding their digital transformation are moving applications and data to the cloud to enable accessibility from anywhere and decrease operating costs. As users log in to an increasing number of cloud-based applications, weak passwords are emerging as the primary cause of identity theft and security breaches.
Top 5 Reasons choosing SafeNet eToken Fusion Series - Infographic
FIDO authentication has gained traction as a modern form of MFA due to its benefits in easing the end-user login experience and overcoming password vulnerabilities. However, many organizations have invested heavily in Public Key Infrastructure (PKI) for use cases such as digital signing or email encryption, which FIDO cannot replace. Here are the top five reasons why you should consider SafeNet eToken Fusion security keys.