What is FIDO2?
FIDO (Fast Identity Online) is the umbrella term for FIDO Alliance's newest set of specifications.
Passkeys – based on FIDO2 technology - enable users to authenticate quickly and securely to online services without using password anymore.
Passkeys & FIDO2 authentication is the industry's future proof solution to the global password challenge and addresses all the concerns of traditional authentication, by providing phishing-resistant authentication combined with enhanced user experience in both desktop and mobile environments.
Why should organizations consider FIDO?
Convenient
FIDO2 is a passwordless authentication method so users don’t need to remember their passwords. To facilitate user adoption, you can combine it with biometrics such as fingerprints.
Phishing-resistant
Leveraging asymmetric public key cryptography, FIDO2 protects against phishing attacks because each private key is bound to a service domain. If the accessed service is fake, authentication fails.
Prevent attacks
FIDO2 security key protects against man-in-the-middle (MiTM) attacks because each private key is stored securely in the hardware device.
Future-proof
Modern web applications support FIDO2. Cybersecurity agencies and analysts rank FIDO2 security key as the “gold” technology to invest in (NIST, ENISA, CSA, Gartner...).
Authenticate anywhere
Various form factors such as smart cards and USB tokens, with contactless option, allow users to authenticate from their mobile devices or from shared desktops.
Easy to deploy
Based on open standard, FIDO2 simplifies systems compatibility. It removes password-related help desk costs and lower IT overheads (no separate infrastructure required).
Top initial attack vectors for data breaches
49 %
Stolen or compromised credentials
16 %
Phishing
To reduce the risk of identity theft and security breaches when connecting to sensitive digital resources such as Windows sessions and web applications, Thales recommends organizations to enable passwordless, phishing-resistant Multi-Factor Authentication for their high-privileged users, frontline workers, and users in general, using passkeys bound to hardware security keys.
The Comprehensive Guide on Phishing-Resistant MFA, Passkeys and FIDO security keys
FIDO2 combining with PKI authentication offers future-ready solutions for vendors to implement passwordless authentication & safeguard access to cloud-based apps.
Thales FIDO2 Security Keys benefits
Thales multi-factor authentication devices use current and emerging protocols to support multiple applications at the same time. Use one security key that combines FIDO2, WebAuthn, U2F, and PKI to access both physical spaces and logical resources.
Best in class security
Thales controls the entire manufacturing cycle and develops its own FIDO crypto libraries, which reduces the risk of being compromised.
Support for multiple use cases
- Combine FIDO, PKI and physical access in a single device
- Experience a strong authentication from mobile endpoints
User convenience for better adoption
- Support for biometric (fingerprint on smart card)
- Sensitive presence detector on USB FIDO key
Compliant with high security market standards
- U2F and FIDO2 certified
- Compliant with US and EU regulations for phishing-resistant authentication
- Manufacturing in Europe and Trade Agreement Act (TAA) compliancy in option
- FIPS and CC certified for PKI operations
Robustness & Scalability for a long-life duration
- Hard molded plastic, tamper evident USB FIDO keys
- No damage to USB ports thanks to sensitive presence detector
- Support for firmware updates for better maintenance and upgradability
Enterprise FIDO Ready
- Comply with FIDO2.1 specifications
- Benefit from Thales FIDO Enterprise features
- Use SafeNet FIDO key Manager for free
Find the right FIDO2 security key that fits your needs
Thales supports numerous passwordless authentication journeys with a wide range of FIDO authenticators.
- FIDO USB Tokens
- FIDO + Biometric
- FIDO + PKI Smart Cards
- FIDO + PKI USB Tokens
- FIDO + Physical Access
- Manage FIDO Keys
FIDO USB Tokens
Secure access to web applications and devices using FIDO
SafeNet eToken FIDO series
- Ideal solution for organizations to go passwordless
- Compact, tamper-evident USB tokens, available in type A and C
- Presence detection sensor to confirm human presence
- Ideal for privilege users, frontline and temporary workers
- Quick access for employees to any shared device such as PC or tablet
Secure access to Microsoft 365 and Windows devices
Thales and Microsoft partner to provide Microsoft 365 customers with FIDO and certificates-based authentication (CBA).
With the Entra ID, Microsoft customers can use Thales X.509 certificate-based Tokens, Smart cards, and FIDO authenticators for all their identity protection needs.
All the Thales FIDO security keys (tokens or smart cards) are fully compatible and integrated with Microsoft Entra ID.
For more information about Thales FIDO2 Security Keys for Microsoft Environments, watch the Video Demo, read our Solution Brief and download the Installation Guide. Check our offer on Azure Marketplace.
Partner with an Identity Trailblazer
Awarded 2024 Identity Trailblazer by Microsoft Security, Thales is the sole vendor offering USB-C and USB-A FIDO security keys with Microsoft Security logo on one side. They are ideal for protecting cloud services and windows logon.
Recommended resources
Analyst Research [Inglese]
Thales Named Leader in Passwordless Authentication for Enterprises by KuppingerCole
- What is a FIDO2 security key?
- How do FIDO2 tokens work?
- What are passkeys in FIDO2?
- Can FIDO2 tokens be used with mobile devices?
- How do I set up a FIDO2 token?
- Are FIDO2 tokens compatible with all online services?
- What are the benefits of using FIDO2 passkeys over traditional passwords?
- Is FIDO2 authentication phishing-resistant?
- What makes FIDO2 tokens phishing-resistant?
- Are FIDO2 tokens compliant with regulatory standards?
