What is FIDO and why use it?

FIDO2 is the umbrella term for FIDO Alliance's newest set of specifications. FIDO2 authentication enables users to capitalize on common devices to authenticate quickly and securely to online services in both desktop and mobile environments. FIDO authentication is the industry's solution to the global password challenge and addresses all of the concerns of traditional authentication.

To reduce risk to your Windows logon, SaaS applications, users with high privilege and users in general, Thales supports FIDO passwordless authentication using multi-factor authentication (MFA) hardware devices.

Switching to a Passwordless world – What is passwordless authentication?

Accessing apps or IT systems without using a password or security questions by replacing passwords with FIDO compliant devices introduces a modern passwordless MFA experience that is resistant to phishing attacks and account takeovers, and enables compliance. Enjoy a passwordless authentication solution with presence detection, which creates a third factor of authentication: Something you have (physical token), something you know (PIN), something you do (touching token edge).

Thales multi-factor authentication devices use current and emerging protocols to support multiple applications at the same time. Use one security key that combines support for FIDO2, WebAuthn, U2F, and PKI to access both physical spaces and logical resources.

One Device for FIDO & PKI or FIDO & Physical Access

Extend Modern Authentication to PKI Environments - Organizations that rely on PKI authentication can now use a combined PKI-FIDO smart card and USB tokens to facilitate their cloud and digital transformation initiatives by providing their users with a single authentication device for securing access to legacy apps, network domains and cloud services.

Physical Access - For optimum convenience, Thales FIDO smart cards support physical access enabling users to access both physical spaces and logical resources with a single customizable smart card.

SafeNet IDPrime 941 FIDO and SafeNet IDPrime 931 FIDO cards combine physical access, PKI and FIDO use cases in one device and enable FIDO authentication on mobile devices thanks to NFC.

  1. SafeNet IDPrime 3930 FIDO is FIPS 140-2 Level 2 certified for the combined Java platform and PKI applet.
  2. SafeNet IDPrime 3940 FIDO is CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform and PKI applet. This smart card is also compliant with eIDAS regulations and has obtained the French “Qualification Renforcée” from ANSSI.
  3. SafeNet IDPrime 941 FIDO is qualified for both eSignature and eSeal applications and is Common Criteria certified.
  4. SafeNet IDPrime 931 FIDO is qualified for both eSignature and eSeal applications and is FIPS 140-2 Level 2 for the combined Java platform and PKI applet.
  5. The SafeNet IDCore 3121 FIDO is a physical access smart card with FIDO. This contactless smart card allows communication via a contactless ISO14443 interface and is also compatible with NFC readers.

FIDO Tokens with Touch Sense Options

SafeNet eToken Fusion Series

The SafeNet eToken Fusion Series enables organizations to utilize passwordless phishing-resistant authentication methods improving security for enterprise resources accessed from any device. This series allows presence detection and supports all PKI and FIDO use cases. The SafeNet eToken Fusion Series includes an option with CC certification.

SafeNet eToken Fusion is available in two form factors: USB-A and USB-C. The USB-C form factor enables users to authenticate to any cloud resources by plugging this token to their mobile devices (phone/tablets).

SafeNet eToken FIDO

The SafeNet eToken FIDO is a USB token, an ideal solution for enterprises looking to deploy passwordless authentication for employees. This FIDO authenticator is a compact, tamper-evident USB with presence detection, which creates a third factor of authentication: Something you have (physical token), something you know (PIN), something you do (touching the token).

Thales and Microsoft partner to provide Microsoft Azure AD customers with FIDO and CBA phishing-resistant authentication

With the new Azure AD cloud-native CBA support, Microsoft customers can use Thales X.509 certificate-based Tokens, Smart cards, and FIDO authenticators for all their identity protection needs. By supporting multiple use cases (PKI, CBA, FIDO2 authentication, physical access) in a single device, Thales allows organizations to extend high assurance access to the cloud while building on their existing environments.

Full integration with MS Azure AD

To address customer needs for FIDO, phishing-resistant authentication for Azure AD managed resources, Thales is offering a Microsoft-verified and tested USB FIDO security key. The Thales key and other Thales FIDO devices are fully compatible and integrated with Azure AD. They are ideal for protecting cloud services and on-premises applications.

/ Try It now

Wherever your data resides we can help you own your data

Get a Demo