Ledger is pleased to be the first Bitcoin pure player security company to join the FIDO Alliance, defining standard protocols for stronger authentication using public key cryptography.
Strength in numbers ?
That’s a key Bitcoin principle but regarding authentication it stands divided — there are multiple quickly drafted authentication standards relying on Bitcoin cryptography being defined, more or less compatible and interoperable with each other, such as BitID, TREZOR Connect or BitAuth.
Surprisingly there are also multiple Bitcoin services and exchanges relying on proprietary two factor authentication solutions such as Clef or Authy.
Let’s take a quick look on what FIDO offers
FIDO Second Factor (U2F)
U2F uses Elliptic Curve Cryptography (on Bitcoin neighbor curve secp256r1) to replace the typical OATH-TOTP validation by a cryptographic challenge performed by a hardware token. It is designed to prevent against phishing by leveraging on Origin Bound certificates, and protects user privacy by mandating a different key generation per website account.
U2F is fully supported by the Chrome family browsers today and has been a driving force into standardizing the use of USB devices into the browser since Chrome 31.
It is implemented for Google services as a Security Key and is available in multiple implementations and form factors
FIDO Passwordless (UAF)
UAF recognizes the user (with a PIN, biometrics or other methods) and uses Public Key Cryptography (and natively supports the Bitcoin curve secp256k1) to authenticate with the remote service.
It has been initially deployed in Samsung Galaxy S5 on a Trusted Execution Environment for easier Paypal payments
Ledger plans to provide with its next Hardware Wallet products standard FIDO implementations with Bitcoin, leveraging on well established standards and a vibrant ecosystem.
For more technical information about FIDO, you can browse this tutorial.
Check how to use Ledger devices for enhanced, FIDO second-factor authentication