FIDO is an Ecosystem for Standard-Based, Interoperable Authentication that helps enterprises and service providers with strong authentication solutions, reducing the reliance on passwords and preventing phishing, man-in-the-middle and replay attacks.
The Social-Id for CIAM platform is being upgraded to support passwordless and second factor authentication.
The Social-ID's passwordless solution will allow the users an easier and more fluid experience when logging in, allowing for authentication using one time passwords, biometrics and device interactions.
The Second Factor Authentication will make the Social-Id's security even stronger. The login will require user to confirm the authentication using a button or NFC tab on a usb key compatible with FIDO's U2F specifications.
The FIDO Alliance currently has two sets of specifications for simpler, stronger authentication: Universal Second Factor (U2F) and Universal Authentication Framework (UAF).
"The passwordless FIDO experience is supported by the Universal Authentication Framework (UAF) protocol. In this experience, the user registers their device to the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc. The UAF protocol allows the service to select which mechanisms are presented to the user.
Once registered, the user simply repeats the local authentication action whenever they need to authenticate to the service. The user no longer needs to enter their password when authenticating from that device. UAF also allows experiences that combine multiple authentication mechanisms such as fingerprint + PIN."
"The second factor FIDO experience is supported by the Universal Second Factor (U2F) protocol. This experience allows online services to augment the security of their existing password infrastructure by adding a strong second factor to user login. The user logs in with a username and password as before. The service can also prompt the user to present a second factor device at any time it chooses. The strong second factor allows the service to simplify its passwords (e.g. 4–digit PIN) without compromising security.
During registration and authentication, the user presents the second factor by simply pressing a button on a USB device or tapping over NFC. The user can use their FIDO U2F device across all online services that support the protocol leveraging built–in support in web browsers."