FIDO Alliance extends certification program to further strengthen trust in standards-based authentication devices

March 20, 2018

The FIDO Alliance announced the expansion of its certification program to include multi-level security evaluations for authenticators such as physical security keys and biometrics in mobile devices and PCs. The Alliance also announced the first products certified under the new Authenticator Certification Levels program.

The new authenticator certifications will further increase consumer, enterprise, and service providers’ confidence that user credentials housed in standards-based FIDO Authentication devices are protected from targeted attacks against a user’s FIDO device. The new program incorporates traditional FIDO functional certification, which measures compliance and ensures interoperability among products and services that support FIDO specifications.

Available levels and security requirements:

The FIDO Alliance is now offering testing and certification for two security levels for all published specifications: FIDO Certified Level 1 (L1) Authenticator and FIDO Certified Level 2 (L2) Authenticator. Additional levels covering a full range of security requirements will be introduced at a later date.

All FIDO Certified L1 Authenticators must pass interoperability testing for compliance with the FIDO specifications. They also must pass a design review against FIDO Certification Requirements to ensure the authenticator uses the best security practice for the operating system it is running on.

The FIDO L2 Security Certification Requirements mandate that authenticators implement a restricted operating environment such as a Trusted Execution Environment (TEE) or Secure Element (SE) to protect biometric data and authentication credentials against operating system compromises that arise from app downloads, malicious website content, or similar threats. FIDO Certified L2 Authenticators also must pass a comprehensive design review by a FIDO-accredited third-party security certification laboratory. As with L1 Certification, the authenticator must pass interoperability testing.

FIDO has the full release

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...