WebAuthn, FIDO, and FIDO2

The OptimalCloud supports device authentication based on WebAuthn, FIDO, and FIDO2.


WebAuthn is a standard defined by the World Wide Web Consortium (W3C) that specifies how browsers authenticate to roaming authenticators and platform authenticators. Roaming Authenticators are hardware authenticators that can be connected to your device when you perform authentication. Platform Authenticators are authenticators built into your device, such as Windows Hello, Apple TouchID, and Apple FaceID.

WebAuthn is implemented as a JavaScript API that is included in the browser. WebAuthn is supported by most modern browsers such as Edge, Chrome, Safari, Opera, and Firefox. The OptimalCloud uses the WebAuthn JavaScript API to perform device authentication using either Roaming Authenticators or Platform Authenticators.

WebAuthn
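The sketch below shows how a page can use the WebAuthn JavaScript API to request either a Platform Authenticator or a Roaming Authenticator during registration. It is an added example, not The OptimalCloud's own code; the function names, the `env` parameter, the relying-party values, and the `userVerification: "required"` policy are assumptions made for illustration.

```javascript
// Added example (not OptimalCloud code). Relying-party values are supplied by the caller.
const ES256 = -7, RS256 = -257; // COSE algorithm identifiers

// Decide which authenticator class to request. `env` defaults to the browser
// global and is a parameter only so the logic can be exercised with a stub.
async function chooseAttachment(env = globalThis, preferPlatform = true) {
  const PKC = env.PublicKeyCredential;
  if (!PKC || !env.navigator || !env.navigator.credentials) return null; // no WebAuthn
  let hasPlatform = false;
  if (typeof PKC.isUserVerifyingPlatformAuthenticatorAvailable === "function") {
    try {
      hasPlatform = await PKC.isUserVerifyingPlatformAuthenticatorAvailable();
    } catch {
      hasPlatform = false; // treat a failed probe as "no platform authenticator"
    }
  }
  return preferPlatform && hasPlatform ? "platform" : "cross-platform";
}

// Build PublicKeyCredentialCreationOptions. The challenge must be generated by
// the server for this ceremony; it is never created in page script.
function buildCreationOptions({ rpId, rpName, userId, userName, challenge, attachment }) {
  if (!(challenge instanceof Uint8Array) || challenge.length < 16) {
    throw new RangeError("challenge must be at least 16 random bytes from the server");
  }
  if (attachment !== "platform" && attachment !== "cross-platform") {
    throw new TypeError("attachment must be 'platform' or 'cross-platform'");
  }
  return {
    challenge,
    rp: { id: rpId, name: rpName },
    user: { id: userId, name: userName, displayName: userName },
    pubKeyCredParams: [
      { type: "public-key", alg: ES256 },
      { type: "public-key", alg: RS256 },
    ],
    // "required" is this example's policy choice, not a value from the page.
    authenticatorSelection: { authenticatorAttachment: attachment, userVerification: "required" },
    attestation: "none",
    timeout: 60000,
  };
}

// Run the registration ceremony; resolves to the new credential or null.
async function registerAuthenticator(params, env = globalThis, preferPlatform = true) {
  const attachment = await chooseAttachment(env, preferPlatform);
  if (attachment === null) return null;
  const publicKey = buildCreationOptions({ ...params, attachment });
  return env.navigator.credentials.create({ publicKey });
}
```

In a browser, call `registerAuthenticator(params)` from a user gesture on an HTTPS page, and send the resulting credential to the server for verification against the challenge it issued.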

FIDO and FIDO2 are standards defined by the FIDO Alliance. The FIDO Alliance originally defined the FIDO Universal 2nd Factor (FIDO U2F) and Universal Authentication Framework (UAF) specifications for device authentication. Those specifications have been superseded by the newer FIDO2 specification.

FIDO2 includes the Client to Authenticator Protocol (CTAP2) specification, which defines how browsers interact with FIDO2 devices. FIDO2 devices are typically Roaming Authenticators that can connect via Universal Serial Bus (USB), Near Field Communication (NFC), or Bluetooth Low Energy (BLE).

FIDO2