Solutions based on the FIDO standard for simpler, stronger authentication using an open, scalable, and interoperable approach
Strong Security Using Industry Standard Interoperability
Ease of use
Remove friction and offer your users the flexibility to use any FIDO-compatible authenticator or device
Privacy & Security
Provide stronger authentication with FIDO public key cryptography. Protect your apps against phishing, MITM and replay attacks
Use FIDO-certified solutions and reduce operational and development costs while ensuring a faster time to market
Implement FIDO public key cryptography and lessen dependency on traditional, complex passwords
Alleviate compliance concerns and rely on standardized authentication to help you meet regulatory requirements
Take advantage of the FIDO ecosystem that ensures inoperability of hardware, software, and biometric authentication
A Better User Experience
Create an unrivaled customer experience for your mobile and online services
Provide your users with a passwordless experience by using the native security capabilities present on the end user’s device. 81% of data breaches in 2016* involved weak, default or stolen passwords. Use FIDO’s public key cryptography for authentication to eliminate the weakest link posed by traditional passwords. Implement FIDO authentication in your organization and enable easy access to your web and mobile applications.
* 2017 Data Breach Investigation Report by Verizon
Reduce friction for users via advanced authentication options to increase customer satisfaction and loyalty. OneSpan’s FIDO-certified solutions support different authentication options, including second factors, PIN, and push notification
Secure all your web and mobile applications with a single FIDO infrastructure. Enable FIDO authentication within your organization and enjoy the flexibility of different authentication methods. Ensure a high user adoption rate by leveraging well-known devices people use every day.
Strong Security with User Privacy in Mind
- Public key cryptography – The different FIDO protocols use assymetric standard public key cryptography designed for client authentication.
- No third-party involvement – The private keys never leave the device. As such, there are no server-side secrets to steal.
- No linkability – There is no linkability between different services, which means that no information is provided that would allow user tracking across different services.
- Biometrics never leave the device – Biometric information is captured, verified, and stored on the device and never sent to a server.
- All communication is encrypted
- Lower development and maintenance costs – No proprietary or in-house solutions need to be developed. OneSpan’s FIDO authentication can be easily integrated alongside your existing mobile and web applications.
- Faster time to market – No extra development is required.
- Little or no provisioning costs – Use a cost-efficient, second factor authenticator or leverage the end user’s mobile device.
- Mitigate fraud – Reduce fraud and the cost associated with potential damages.
- Reduce password reset costs – Eliminate traditional complex passwords.
- Future-proof solution – OneSpan’s FIDO Authentication SDK is a standards-based solution that allows you to deploy FIDO authentication to your customer base on multiple devices.
How it Works
FIDO-certified solutions are based on public key cryptography. Before first use, the user must complete a registration process.
- Request your user to choose an available FIDO authenticator in line with your acceptance policy.
- Your user unlocks the mobile FIDO authenticator with a fingerprint reader or PIN; or with a button in case of a hardware second-factor device.
- The user’s device creates a unique private and public key pair for the local device, the user’s account and your online service.
- The public key associated with the user’s account is sent to the server. The private key is stored on the local device in a cryptographic keystore.
- Your online service challenges the user to log in with a previously registered device.
- Your user unlocks their FIDO authenticator in the same manner as they did for registration (e.g. fingerprint, PIN, second factor)
- A random challenge is created by the FIDO server. To sign that challenge, the device uses an account identifier to select the correct key.
- The signed challenge is sent back to the server where it’s matched against the stored public key and the user is authorized to log in.
- Support for mobile and/or hardware deployments
Provide your end users with a second factor (hardware) or passwordless experience (mobile) by using the native security features of an end user’s device. OneSpan’s solutions easily allow you to mix and match software and hardware to fit your authentication needs.
- Benefit from the advanced security options within OneSpan Mobile Security Suite for your mobile deployments
Besides FIDO authentication, you can benefit from all features that OneSpan Mobile Security Suite offers, and flexible deploy the security features your offering requires (i.e. geolocation, jailbreaking, device binding, secure storage and application shielding with RASP).
- Future proof
FIDO’s open standards based platform ensures you that you invest in a future proof solution. With OneSpan FIDO Authentication, you have the guarantee that new authenticators will be supported out-of-the-box as they enter into the market.
- Centrally manage all authentication channels
You can support all your authentication needs from a single, unified system. All your users are centrally provisioned and managed, and you can provide support for all application, devices and use cases from one system.