The New FIDO UX Guidelines & FIDO2 Enhancements

FIDO UX Guidelines and FIDO2 Enhancements

The FIDO Alliance recently made a significant move towards a passwordless world, announcing new FIDO2 standards and its first user experience (UX) guidelines. The latter is a major step towards even broader FIDO adoption, as it provides consumers with helpful information on how they can benefit from adopting FIDO. On this page, we’ll go through the FIDO UX guidelines step by step to see how they can contribute to the acceleration of FIDO authentication worldwide.

The FIDO Journey

The FIDO Alliance has come a long way since its inception in 2012. Today’s estimates show that over 4 billion devices and close to 90 percent of web browsers currently support FIDO Authentication. That said, although FIDO undoubtedly provides a simple but uncompromising user authentication approach, there’s still room for optimization. This is especially true when it comes to the user experience.

The FIDO Alliance created a website to serve as a reference implementation of the new UX guidelines:

FIDO UX Guidelines and FIDO2 Enhancements

A live reference implementation of the FIDO UX Guidelines

To make it easier to understand and follow, the typical FIDO journey can be divided into four steps:

  • Promoting awareness
  • Inviting users to Register via FIDO
  • FIDO registration
  • Making FIDO the primary sign-in path

With these four steps in mind and going by the FIDO reference website, the FIDO registration journey could be summed up through the following process:

  1. Set up a username and password with the site.
  2. Sign in with the site using your credentials.
  3. When logged in, select the “Register Now” option.
  4. Click on “Learn More” to open up FIDO-related information
  5. Select the “Register” option, enter your password, PIN, security key, or another method you use to unlock your device
  6. Log out of the site after completing the FIDO registration.
  7. This completes the process. Enjoy signing into the site with FIDO with maximum ease, convenience, and security!

FIDO Alliance Additional Recommendations

After conducting UX tests in three different rounds, the FIDO Alliance has come up with preliminary recommendations to ensure the best practices for proper FIDO implementations. These include:

  • It’s always best to use a simple biometric image for the initial registration process and have FIDO logos at each touchpoint to confirm that the user’s following the right order of steps.
  • The developers should optimize for each type of environment and for each type of FIDO-capable device.
  • Both consumers and the staff need proper and thorough education on FIDO.
  • Enterprises should always have a dedicated and special problem resolution path for customers who run into FIDO-related problems.

Enhancements to FIDO Standards

Apart from going through the FIDO registration journey step by step, we should also address the enhancements that the FIDO Alliance announced to its FIDO2 specifications. These include several new features that will help more streamlined passwordless enterprise deployment and support other complex applications.

These guidelines were created after thorough research in collaboration with several notable FIDO Alliance member companies. Some of the most prominent names include Bank of America, Facebook, Google, Microsoft, and eBay.

The key term to highlight from this announcement is the so-called “enterprise attestation”. It will provide enterprise IT with better management of FIDO authenticators used by its employees.

In other words, enterprise attestation allows for better binding of an authenticator to an account. Furthermore, it assists with different management functions, such as usage tracking, credential and pin management, and the biometric enrollment required in the specific enterprise. Additionally, cross-origin iFrames and Apple attestation support have also been added as a part of the enhanced standards.

According to Andrew Shikiar, executive director and CMO of the FIDO Alliance, these first UX guidelines and FIDO2 enhancements provide both consumers and enterprises the tools and protection for a more secure, passwordless future. And, taking into account all of the information we discussed on this page, this is certainly a big step forward for the constantly evolving FIDO Alliance.