"Fido 2" standard: Login securely and without passwords


For the sake of online security, a user has to create a separate password for every online service or account, but it is of course hard to remember them all without the help of a password manager. However strong and well chosen a password is, attackers can still often crack or steal it.

Two-step login, or two-factor authentication (2FA), raises the level of security on the Internet, because the account is validated by a second factor in addition to the password, for example an app that generates a security code. This function does, however, make logging in more complicated.

Fast Identity Online
The Fast Identity Online function, known as "Fido", solves this problem and even makes the password itself redundant. The abbreviation "Fido" stands for a set of IT security standards.

The latest "Fido 2" standard allows secure login to Internet services without a password, which raises the question of how this function works. A user who wants to log in with the "Fido 2" standard must first register a device with the service in question, such as a smartphone, tablet or desktop computer.

During registration, two cryptographic keys are created as a pair, a public key and a private key. The service receives the public key, while the private (secret) key is stored on the device, which is therefore called the authenticator.

When the user wants to log in to the service, the device creates an electronic signature with the secret key, and the service then verifies the validity of this signature using the public key.

Professor Markus Dürmuth, from the Institute for IT Security at Leibniz University Hannover, Germany, explained that this function works like a traditional signature on paper, adding: "The signature is validated by comparing the way it is written with the stored sample."

This method is secure because only the user holds the private key. Dürmuth explained that the "Fido 2" standard provides an additional degree of security because the electronic signature contains a time stamp, so even if attackers manage to intercept the electronic signature, they cannot exploit it later.

In addition, the private or secret key is kept securely on the authenticator device. Jan Mahn of the German specialist magazine "c't" explained that the private key is stored on authenticator devices in the well-known Trusted Platform Module (TPM), a hardened chip designed without any interface through which the secret key could be read out.

The private key is generated once on the device and stored there. When logging in, the device hands over only the electronic signature, never the private key itself.
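As an added illustration (not part of the article and not a real WebAuthn/CTAP implementation), the registration and login exchange described above modelled in Go with only the standard library: the device generates a P-256 key pair and keeps the private key, the service stores just the public key, hands out a single-use random challenge, and checks the returned signature. The type names Authenticator and RelyingParty and the signed message layout (service name followed by the challenge) are simplifications chosen for this example, and the fresh random challenge stands in for the time stamp the text mentions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Authenticator is the user's device: it keeps the private key and only ever emits signatures.
type Authenticator struct{ priv *ecdsa.PrivateKey }

// RelyingParty is the web service: one public key per user, plus issued but unused challenges.
type RelyingParty struct {
	id         string
	pubKeys    map[string]*ecdsa.PublicKey
	challenges map[string]bool
}

func NewRelyingParty(id string) *RelyingParty {
	return &RelyingParty{id: id, pubKeys: map[string]*ecdsa.PublicKey{}, challenges: map[string]bool{}}
}

// Register creates the P-256 key pair on the device; the service stores only the public half.
func Register(rp *RelyingParty, user string) (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rp.pubKeys[user] = &priv.PublicKey
	return &Authenticator{priv: priv}, nil
}
// Challenge issues a fresh 32-byte random nonce that is valid for exactly one login attempt.
func (rp *RelyingParty) Challenge() []byte {
	c := make([]byte, 32)
	rand.Read(c) // crypto/rand.Read cannot fail on Go 1.24+ (earlier: only with a broken OS RNG)
	rp.challenges[string(c)] = true
	return c
}
// Sign signs the service identity together with the challenge, binding the response to this service and attempt.
func (a *Authenticator) Sign(rpID string, challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(append([]byte(rpID), challenge...))
	return ecdsa.SignASN1(rand.Reader, a.priv, digest[:])
}
// Verify checks the signature with the stored public key and consumes the challenge, so a replay fails.
func (rp *RelyingParty) Verify(user string, challenge, sig []byte) bool {
	pub, ok := rp.pubKeys[user]
	if !ok || !rp.challenges[string(challenge)] {
		return false
	}
	delete(rp.challenges, string(challenge))
	digest := sha256.Sum256(append([]byte(rp.id), challenge...))
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}
```

Because the service deletes each challenge once it has been checked, presenting the same signature a second time fails, and because the service name is part of the signed data, a signature produced for one service is rejected by any other.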

It should be noted that a Trusted Platform Module (TPM) with a cryptographic chip is found in most new smartphones, computers and laptops, and Microsoft has announced that a TPM is now one of the requirements for installing the Windows 11 operating system.

When relying on an older computer or smartphone without a TPM, the private key can instead be stored on a flash memory device that is connected to the computer via the USB port.

Token
Flash memory devices equipped with a cryptographic chip are known as "tokens". Their usefulness is not limited to replacing the password under the "Fido 2" standard: depending on the service, they can also be used as a second authentication factor, because two-factor authentication (2FA) is part of the Fido standard.

This raises the question of what to do when the smartphone on which the private key is stored is lost. Markus Dürmuth clarified: "The official recommendation states that when using the Fido 2 standard, the private key must be registered on two devices."

The second device may be a smartphone or a desktop computer, and a USB token kept in a safe place can also be used as a backup for the private key.

Cloud sync
Cloud synchronization of the private key is a relatively new answer to the problem of losing the device on which the private key is stored. Such solutions are easy to use: the user's private key is stored on Internet servers and can be synchronized to many devices over the Internet, which is the approach Apple takes with its Fido 2 function.

At the beginning of May 2022, Apple, Google and Microsoft announced that they would cooperate on adding new functions to the "Fido 2" standard by 2023, allowing users to automatically access their credentials on various devices, including new ones, without having to log in to each account again.

In addition, it will be possible to use a mobile device as an authenticator to log in to applications or websites on other nearby devices, regardless of the operating system or browser.

The German Federal Office for Information Security (BSI) is a member of the FIDO Alliance and has rated the FIDO 2 standard positively in a number of respects, but the additional degree of security can only be achieved if the authenticator itself is adequately protected.

For higher levels of security, it is also necessary to check how Fido 2 is implemented on each website, because the degree of security achieved depends on how a company implements Fido 2 in its service.
