If you do not yet have FIDO2 certification, you need to work your way towards getting it. The FIDO Alliance is an open industry association focused on setting authentication standards that help reduce the world's over-reliance on passwords. FIDO2 is a new standard from the FIDO Alliance: an authentication method that is much safer than a password-based system.
FIDO2 is also faster and more user-friendly than second-factor authentication (2FA), including OTP (One-Time Passcode). As a result, FIDO2 has become the technology of choice for passwordless login systems, including hybrid cloud applications such as Microsoft Azure AD.
There are multiple FIDO2 security keys for FIDO U2F and FIDO2 authentication. For instance, the G310 and G320 share the same platform with different interfaces (USB-A and USB-C, respectively). The FIDO Alliance certifies these keys at security level 2 (L2). The G310 was the first security key in the industry with level 2 certification. The G310 and G320 are still the only L2-certified keys in the industry.
So, what exactly is FIDO2 security? According to the FIDO Alliance's description of its security levels, the main difference between L1 and L2 is that L2 must support an "Allowed Restricted Operation Environment (AROE)." L2 requires most FIDO security functions to run inside an AROE, which can be secure hardware such as an SE (secure element) or software such as a TEE (Trusted Execution Environment).
Therefore, the most critical aspect of L2 security is the AROE, that is, how well the architecture of the authenticator's AROE is designed to withstand client-side scalable attacks. The AROE is the boundary inside the security key within which most of the security operations associated with the FIDO protocol should be protected from outside attacks.
For more information on FIDO2 certification, visit our website at https://loginid.io/