FIDO2 – An Open Authentication Standard
FIDO2 is an open authentication standard, hosted by the FIDO Alliance and supported by browsers and many large tech companies such as Microsoft, Yubico, etc. It consists of the W3C Web Authentication specification (WebAuthn API), and the Client to Authenticator Protocol (CTAP).
FIDO2 Authentication Options
Addresses a Variety of Authentication Use Cases
Two-factor authentication
Strong two-factor authentication using a hardware authenticator or biometrics as an extra layer of protection beyond a password.
Try it!Passwordless authentication
Strong single-factor authentication using a hardware authenticator or biometrics, eliminates the need for weak password-based authentication.
Try it!Usernameless authentication
Strong single-factor authentication using a hardware authenticator or biometrics, without the need of both username and password.
Try it!Multi-factor authentication
Strong multi-factor authentication using a hardware authenticator and a PIN or biometrics, to meet high assurance requirements.
Try it!Authenticators
Built into the Computer/Phone
Is attached using a client device-specific transport, called platform attachment, and is usually not removable from the client device.
Eg. Windows Hello, Mac Touch Bar, Android mobile biometrics or PIN/pattern/passphrase.
Security Key
Is attached using cross-platform transports, called cross-platform attachment, connected via USB, NFC or Bluetooth.
Eg. Security key which supports FIDO U2F or FIDO2, such as
YubiKey
.
Support
Supported natively across browsers and platforms.
Note
- The newest versions of browsers and platforms are recommended.
- Currently supported features are different between browser & platform combinations. Please click on each browser for details.
- Browsers and platforms which are not listed here do not support WebAuthn now or no information. (Last updated: May 2024)
Desktop
Web Apps
| Chrome | ||
| CTAP1/U2F | USB | |
| NFC | ||
| BLE | ||
| CTAP2/FIDO2 | USB | |
| NFC | ||
| BLE | ||
| Internal | ||
| Resident Key | External | |
| Internal | ||
| Client PIN | ||
| Synced Passkey | ||
| Browser Autofill UI | ||
| Cross-Device Authentication Client | ||
Passkeys - Others
| Cross-Device Authentication Authenticator | |
| Third-Party Passkey Providers |
Browser Extensions |
Native Apps
| Native Platform APIs | |
| System WebView | |
| Embedded WebView |
Web Apps
| Chrome | Edge | Firefox | Safari | ||
| CTAP1/U2F | USB | ||||
| NFC | |||||
| BLE | |||||
| CTAP2/FIDO2 | USB | ||||
| NFC | |||||
| BLE | |||||
| Internal | |||||
| Resident Key | External | ||||
| Internal | |||||
| Client PIN | |||||
| Synced Passkey | |||||
| Browser Autofill UI | |||||
| Cross-Device Authentication Client | |||||
Passkeys - Others
| Cross-Device Authentication Authenticator | |
| Third-Party Passkey Providers |
Native Apps
| Native Platform APIs | |
| System WebView | |
| Embedded WebView |
Web Apps
| Chrome | Edge | ||
| CTAP1/U2F | USB | ||
| NFC | |||
| BLE | |||
| CTAP2/FIDO2 | USB | ||
| NFC | |||
| BLE | |||
| Internal | |||
| Resident Key | External | ||
| Internal | |||
| Client PIN | |||
| Synced Passkey | |||
| Browser Autofill UI | |||
| Cross-Device Authentication Client | |||
Passkeys - Others
| Cross-Device Authentication Authenticator | |
| Third-Party Passkey Providers |
Browser Extensions |
Native Apps
| Native Platform APIs | |
| System WebView | |
| Embedded WebView |
Web Apps
| Chrome | Edge | Firefox | ||
| CTAP1/U2F | USB | |||
| NFC | ||||
| BLE | ||||
| CTAP2/FIDO2 | USB | |||
| NFC | ||||
| BLE | ||||
| Internal | ||||
| Resident Key | External | |||
| Internal | ||||
| Client PIN | ||||
| Synced Passkey | ||||
| Browser Autofill UI | ||||
| Cross-Device Authentication Client | ||||
Passkeys - Others
| Cross-Device Authentication Authenticator | |
| Third-Party Passkey Providers |
Browser Extensions |
Native Apps
| Native Platform APIs | |
| System WebView |
Edge WebView2 |
| Embedded WebView |
Mobile
Web Apps
| Chrome | Edge |
Firefox
(cannot perform authr attestation) |
||
| CTAP1/U2F | USB | |||
| NFC | ||||
| BLE | ||||
| CTAP2/FIDO2 | USB | |||
| NFC | ||||
| BLE | ||||
| Internal | ||||
| Resident Key | External | |||
| Internal | ||||
| Client PIN | ||||
| Synced Passkey | ||||
| Browser Autofill UI | ||||
| Cross-Device Authentication Client | ||||
Passkeys - Others
| Cross-Device Authentication Authenticator | |
| Third-Party Passkey Providers |
Native Apps
| Native Platform APIs | |
| System WebView |
Chrome Custom Tabs |
| Embedded WebView |
Web Apps
| Chrome | Edge | Firefox | Safari | ||
| CTAP1/U2F | USB | ||||
| NFC | |||||
| BLE | |||||
|
Lightning ( 
YubiKey 5Ci)
|
|||||
| CTAP2/FIDO2 | USB | ||||
| NFC | |||||
| BLE | |||||
| Internal | |||||
|
Lightning (
YubiKey 5Ci)
|
|||||
| Resident Key | External | ||||
| Internal | |||||
| Client PIN | |||||
| Synced Passkey | |||||
| Browser Autofill UI | |||||
| Cross-Device Authentication Client | |||||
Passkeys - Others
| Cross-Device Authentication Authenticator | |
| Third-Party Passkey Providers |
Native Apps
| Native Platform APIs | |
| System WebView |
ASWebAuthentication Session |
| Embedded WebView |