FIDO definition: What is the FIDO Alliance and what does FIDO stand for?
The FIDO (fast identity online) Alliance is an industry association that aims to reduce reliance on passwords for security, complementing or replacing them with strong authentication based on public-key cryptography. To achieve that goal, the FIDO Alliance has developed a series of technical specifications that websites and other service providers can use to move away from password-based security. In particular, the FIDO specs allow service providers to take advantage of biometric and other hardware-based security measures, either from specialized hardware security gadgets or the biometric features built into most new smartphones and some PCs.
Before we get into the individual FIDO specifications, we need discuss the principle that they’re all based on: public key cryptography. In this form of cryptography, each communicating party uses two keys — very large numbers — to encrypt messages via an encryption algorithm. Each party shares a public key that’s used to encode a message, which can only be decoded by a private key, which is kept secret. The two keys are related by some mathematical operation that would be difficult or impossible to reverse — for instance, the private key might be two very long prime numbers and the public key would be the number you get by multiplying those two primes together. (For more on how this works, check out CSO’s explainer on cryptography.)
Public key cryptography is already the basis for most…