Platforms that Support FIDO2 Authentication (2024)

FAQs

Which sites support FIDO2? ›

So you can already use FIDO U2F with very many services, among them are: Nextcloud, GitHub, Odoo, Gitlab, Facebook, Google and many more. Passwordless logins using FIDO2 are comparatively rare, e.g. at Microsoft or Nextcloud.

Fortunately, all leading web platforms, including Microsoft Windows, Apple iOS and MacOS, and Android systems, and all major web browsers, including Microsoft Edge, Google Chrome, Apple Safari, and Mozilla Firefox, support FIDO2. Your identity and access management (IAM) solution must also support FIDO2 authentication.

Support for FIDO2: WebAuthn and CTAP

WebAuthn is currently supported in Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari web browsers, as well as Windows 10 and Android platforms.

Two-step login using FIDO2 WebAuthn credentials is available for free to all Bitwarden users. Any FIDO2 WebAuthn Certified credentials can be used, including security keys such as YubiKeys, SoloKeys, and Nitrokeys, as well as native biometrics options like Windows Hello and Touch ID.

Security Keys for Apple ID works with any FIDO® Certified security key.

Disadvantages and Challenges of FIDO2

Additionally, FIDO2 does not safeguard against timing vulnerability attacks (an attack that links stored user accounts in vulnerable authenticators). Since FIDO2 relies on a computer or system's authenticators, there is a lack of physical protection.

The FIDO2 API allows Android applications to create and use strong, attested public key- based credentials for the purpose of authenticating users.

FIDO is currently supported in Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari (MacOS), iOS web browsers, as well as Windows 10 and Android platforms.

What are some examples of FIDO2 authentication methods? Biometric-capable devices and platform authenticators: These are built-in authenticators that require a biometric, PIN, or passcode. Examples include Apple's Touch ID and Face ID, Windows Hello, or Android fingerprint and face recognition.

Does YubiKey support FIDO2? ›

FIDO Alliance manages functional certification programs for its various specifications (e.g. U2F and FIDO2) to validate product conformance and interoperability. A FIDO2-certified device, such as a YubiKey 5 Series security key, has gone through a full FIDO certification program and successfully meets all requirements.

For FIDO2, you need a capable authenticator device that the browser can access. The authenticator can be one of the following: A platform authenticator, such as a mobile device with fingerprint scanning capability, Windows 10 device with Windows Hello, or a MacBook with Touch ID.

The latest version of Firefox supports FIDO2 and U2F keys : FIDO2 has been supported since version 66.0. 32. U2F has been supported since version 57, but only enabled by default from version 68 onwards.

Typical MITM attacks allow attackers to intercept user communication and steal login credentials but FIDO2 was designed to be immune to these attacks by using physical security keys, USB tokens, or biometrics.

Microsoft Entra ID currently supports device-bound passkeys stored on FIDO2 security keys and in Microsoft Authenticator. Microsoft is committed to securing customers and users with passkeys. We are investing in both synced and device-bound passkeys for work accounts.

Click User Security Policies > User Account Settings. Select Yes in the Enable FIDO2 Authentication drop-down box. Select Yes in the Enable security key enrollment drop-down box. Enter a name in the FIDO2 Security Key Display Name field.