Blog

The world of FIDO tokens: a guide to choosing and using them correctly

Person plugging a USB stick into their laptop

In an increasingly digitalized world where digital security is becoming more and more important, FIDO tokens have become an indispensable tool. They are used to replace or complement passwords and ensure reliable authentication. Given the large number of products on the market, it can be challenging to keep track and select the right product. Aspects such as compatibility with various applications and user-friendliness play a decisive role here.

What is a FIDO-Token?

A FIDO token is a device used for secure authentication and identity verification on the Internet. It replaces or supplements conventional passwords and offers an effective way to improve the security of online accounts. FIDO tokens exist in different versions, including USB tokens, NFC tokens and biometric tokens. They are characterized by their user-friendliness and offer a higher level of security compared to conventional passwords.

Compatibility is the key

Before you decide on a FIDO token, it is important to consider the purposes for which you want to use it. Compatibility with your desired application or specific use case is a crucial criterion. Some tokens may not be compatible with all operating systems or offer different interfaces such as USB-A or USB-C. It is therefore important to match your technical requirements with the specifications of the token.

Especially for applications such as ID Austria, specific certifications are required to meet legal requirements. For example, using a FIDO token with ID Austria requires FIDO 2 Level 2 certification and support for WebAuthn. Therefore, you should ensure that the token meets the required standards before purchasing it.

The A-Trust Webshop provides a good orientation, where all available tokens meet the requirements for use with e-government services and are compatible with ID Austria.

What can FIDO tokens do (and what not)?

FIDO tokens offer a wide range of possible applications, from use as a password replacement to integration into multi-factor authentication systems. They can be used to unlock computers, protect email accounts, authorize payments and much more.

With ID Austria in particular, FIDO tokens can be used as a second factor for authentication, which benefits people without a (newer) smartphone. Greater security is ensured by combining several authentication factors, among other things.

Which standard should you choose?

Choosing the right FIDO token depends on the requirements of your application. It is crucial to ensure that the token meets the required specifications, especially with regard to authentication standards such as FIDO 2 and specific application requirements.

The FIDO Alliance website provides a list of certified tokens and their specifications that can serve as a guide. Before purchasing, you should therefore inform yourself about the requirements of your application and ensure that the selected token meets them.

How to use the key?

The setup of a FIDO token can vary depending on the application, but usually requires a simple link to the corresponding service. For example, linking to ID Austria can be done via the A-Trust account, for example.

Once the link is complete, the token can be used as a second factor for authentication. This process is straightforward and usually involves inserting the token, entering a PIN and, if necessary, a physical confirmation.

NFC function: useful or risky?

The NFC function of FIDO tokens can be useful depending on the application, but offers no security advantage when used with ID Austria, as this function is not currently used for two-factor authentication. In principle, however, FIDO 2 Level 2 tokens with NFC fulfill all security requirements and are certified accordingly.

Overall, FIDO tokens offer a robust and versatile solution for the authentication and protection of digital identities. Through careful selection and application, they can help to improve security and simplify access to various services.