FIDO2 is the umbrella term for the latest set of FIDO Alliance specifications. FIDO2 lets users authenticate to online services with the devices they already carry, in both mobile and desktop environments. The FIDO2 specifications are the World Wide Web Consortium (W3C) Web Authentication (WebAuthn) specification and the FIDO Alliance's corresponding Client-to-Authenticator Protocol (CTAP).
FIDO2 is the industry's response to the global password problem and addresses the main weaknesses of traditional authentication:
Security: FIDO2 login credentials are cryptographic key pairs that are unique to each website. The private key never leaves the user's device, and the server stores only the public key, so a server breach yields nothing an attacker can replay. Because each credential is bound to the web origin it was registered for, and each login signs a fresh server-issued challenge, this model defeats phishing, every form of password theft, and replay attacks.
Convenience: Users unlock their cryptographic credentials with simple built-in methods, such as the fingerprint reader or camera on their device, or with an easy-to-use FIDO security key. Consumers can choose the device that best suits their needs.
Privacy: Because FIDO keys are unique to each website, they cannot be used to track a user across sites. In addition, biometric data, when used, never leaves the user's device; it only unlocks the local private key and is never sent to the service.
Within FIDO2 specifications
Web Authentication (WebAuthn): WebAuthn lets online services use FIDO authentication through a standard web API implemented by browsers and related web platform infrastructure. It is a collaborative effort based on specifications initially submitted by the FIDO Alliance to the W3C and then iterated and completed by the broader FIDO and W3C communities. WebAuthn became an official W3C web standard (a W3C Recommendation) in March 2019. It is currently supported on Windows 10 and Android, and in the Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari web browsers.
WebAuthn lets users log in to Internet accounts using their preferred device. Web services and applications can, and should, enable this functionality to give their users an easier login experience through biometrics, mobile devices and/or FIDO security keys, with far stronger security than passwords.
Client-to-Authenticator Protocol (CTAP): CTAP expands the use cases beyond previous FIDO standards. It lets external devices, such as mobile phones or FIDO security keys, talk to WebAuthn-compatible browsers (over USB, NFC or Bluetooth) and also serve as authenticators for desktop applications and web services.
Other FIDO specifications: The FIDO2 specifications support the existing FIDO UAF (passwordless) and FIDO U2F (second-factor) use cases and extend the availability of FIDO authentication. Users who already have external FIDO devices, such as FIDO security keys, can continue to use them with web applications that support WebAuthn. Existing FIDO UAF devices can still be used with pre-existing services, as well as with new services based on the FIDO UAF protocols.
Testing and Certification: The FIDO Alliance provides interoperability testing and certification for servers, clients and authenticators that conform to the FIDO2 specifications. In addition, the Alliance has introduced a Universal Server certification for servers that interoperate with all types of FIDO authenticators (FIDO UAF, WebAuthn, CTAP). As a best practice, the FIDO Alliance recommends that online services and companies deploy a universal server to ensure compatibility with all FIDO-certified authenticators.