AZ-104 Certification Notes
Chapter 3.8 - FIDO2 and Security Keys
Azure AD Joined Devices - FIDO2.0 Security Keys
-
Fast Identity Online (FIDO) Alliance
- An open industry association whose mission is to develop and promote authentication standards that help reduce the world's over-reliance on passwords
-
FIDO Alliance has published three sets of open specifications for simpler, stronger user authentication:
- FIDO Universal Second Factor (FIDO U2F)
- FIDO Universal Authentication Framework (FIDO UAF)
- Client to Authenticator Protocols (CTAP)
- CTAP is complementary to the W3C’s Web Authentication (WebAuthn) specification; together, they are known as FIDO2
-
What is a Security Key?
- A secondary device used as the second step in the authentication process to gain access to a device, workstation, or application
- A security key can resemble a memory stick. When your finger makes contact with a button or exposed metal on the device, it will generate and autofill a security token.
- A popular brand of security key is the YubiKey
- Works out of the box with Gmail, Facebook, and hundreds more
- Supports FIDO2/WebAuthn, U2F
- Waterproof and crush resistant
- USB-A and NFC dual connectors on a single key
Practice Quiz
-
What can the security key 'YubiKey' support?
- U2F
- FIDO2/WebAuthn
- CTAP
- UAF
-
Which of the open specifications is complementary to the W3C’s Web Authentication specification? Together, they are known as FIDO2.
- FIDO Universal Second Factor (FIDO U2F)
- FIDO Universal Authentication Framework (FIDO UAF)
- FIDO Universal First Factor (FIDO U1F)
- Client to Authenticator Protocols (CTAP)
-
What is FIDO?
- Fast Identity Online (FIDO) Alliance is an open industry association whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords.
-
What is a secondary device used as the second step in the authentication process to gain access to a device, workstation, or application?
- A Security Key