FIDO2 is an open authentication standard developed by the FIDO Alliance and the W3C that enables passwordless or strong multi-factor authentication using public-key cryptography. Users authenticate through biometric sensors (fingerprint or facial recognition), hardware security keys (such as YubiKeys) or platform authenticators built into their devices, eliminating the need for passwords that can be phished, leaked or brute-forced.
FIDO2 authentication is increasingly recommended by compliance frameworks and security authorities as a best practice for protecting against credential-based attacks, which remain one of the most common attack vectors. By implementing FIDO2, organisations significantly reduce the risk of phishing, credential stuffing and account takeover attacks while improving the user experience through seamless, passwordless login flows that meet the strong authentication requirements of ISO 27001 and NIS2.