Organizations expanding their digital transformation are moving applications and data to the cloud to enable accessibility from anywhere and decrease operating costs. As users log in to an increasing number of cloud-based applications, weak passwords are emerging as the primary cause of identity theft and security breaches.

Addressing this risk, Thales FIDO2 (the umbrella term for FIDO Alliance’s newest set of specifications) security keys offer organizations passwordless, phishing-resistant authentication, allowing them to stop account takeover and remove the risk of unauthorized access to sensitive resources like SaaS applications and Windows endpoints.

Thales FIDO2 security keys support multiple applications at the same time. Use one that combines FIDO2, U2F, PKI and RFID to access both physical spaces and logical resources.

Passwordless Phishing-Resistant MFA

FIDO2 authentication removes the risk of account takeover by replacing vulnerable passwords with a phishing-resistant WebAuthn credential.
FIDO2 authentication has gained traction as a modern form of MFA because of its considerable benefits in easing the login experience for users and overcoming the inherent vulnerabilities of passwords. Advantages include less friction for users and a high level of protection against phishing attacks.

Meet stringent compliance mandates

Thales FIDO2 security keys, USB Tokens and smart cards let you meet all your regulatory needs. They are FIDO2 and U2F certified. The combined PKI-FIDO keys are compliant with the US Executive Order mandate for phishing-resistant MFA and NIST regulations. They are FIPS 140-2 or Common Criteria (CC) certified.

Why should organizations consider FIDO?

Convenient

FIDO2 is a passwordless authentication method, so users don’t need to remember their passwords. To facilitate user adoption, you can combine it with biometrics such as fingerprints.

Phishing-resistant

Leveraging asymmetric public key cryptography, FIDO2 protects against phishing attacks because each private key is bound to a service domain. If the accessed service is fake, authentication fails.

Prevent attacks

A FIDO2 security key protects against man-in-the-middle (MiTM) attacks because each private key is stored securely in the hardware device.

Future-proof

Modern web applications support FIDO2. Cybersecurity agencies and analysts rank FIDO2 security keys as the “gold” technology to invest in (NIST, ENISA, CSA, Gartner...).

Authenticate anywhere

Various form factors such as smart cards and USB tokens, with contactless option, allow users to authenticate from their mobile devices or from shared desktops.

Easy to deploy

Based on an open standard, FIDO2 simplifies system compatibility. It removes password-related help desk costs and lowers IT overheads (no separate infrastructure required).

FIDO2 Device Benefits

Thales multi-factor authentication devices use current and emerging protocols to support multiple applications at the same time. Use one security key that combines FIDO2, WebAuthn, U2F, and PKI to access both physical spaces and logical resources.

Best in class security

  • Thales controls the entire manufacturing cycle and develops its own FIDO crypto libraries, which reduces the risk of being compromised.

Support for multiple use cases

  • Combine FIDO, PKI and physical access in a single device
  • Experience strong authentication from mobile endpoints

User convenience for better adoption

  • Support for biometric (fingerprint on smart card)
  • Sensitive presence detector on USB FIDO key

Compliant with high security market standards

  • U2F and FIDO2 certified
  • Compliant with US and EU regulations for phishing-resistant authentication
  • Manufacturing in Europe and Trade Agreement Act (TAA) compliance available as an option
  • FIPS and CC certified for PKI operations

Robustness & Scalability for a long-life duration

  • Hard molded plastic, tamper evident USB FIDO keys
  • No damage to USB ports thanks to sensitive presence detector
  • Support for firmware updates for better maintenance and upgradability

Enterprise FIDO-ready

  • Comply with FIDO2.1 specifications
  • Benefit from Thales FIDO Enterprise features
  • Use SafeNet FIDO key Manager for free

Thales FIDO Authentication Solutions

Smart Card Form Factor

SafeNet IDPrime 3930 FIDO is FIPS 140-2 Level 2 certified for the combined Java platform and PKI applet.

SafeNet IDPrime 3940 FIDO is CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform and PKI applet. 

SafeNet IDPrime FIDO Bio Smart Card combines biometrics and NFC to allow end users to authenticate from multiple types of devices securely and easily, with just a fingerprint instead of a password.

USB Token Form Factor

Fusion Series (PKI/FIDO)
The SafeNet eToken Fusion Series enables organizations to utilize passwordless phishing-resistant authentication methods improving security for enterprise resources accessed from any device. This series allows presence detection and supports all PKI and FIDO use cases. The SafeNet eToken Fusion Series includes an option with CC certification.

SafeNet eToken Fusion is available in two form factors: USB-A and USB-C. The USB-C form factor enables users to authenticate to any cloud resource by plugging this token into their mobile devices (phones/tablets).

SafeNet eToken FIDO
The TAA-compliant SafeNet eToken FIDO is a USB token, an ideal solution for enterprises looking to deploy passwordless authentication for employees. This FIDO authenticator is a compact, tamper-evident USB token with presence detection, which creates a third factor of authentication: something you have (physical token), something you know (PIN), something you do (touching the token).

Resources

eBook: The Comprehensive Guide on Phishing-Resistant MFA, Passkeys and FIDO security keys.
Product Brief: Thales FIDO2 Devices
Product Brief: Thales Fusion Authenticators
White Paper: Meeting U.S. Government requirements for phishing-resistant MFA