--- title: FIDO2 authentication description: PingID supports the use of the FIDO2, FIDO2 biometrics, and FIDO2 security keys for authentication. component: pingid page_id: pingid:pingid_service_management:xxl1564020476860 canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/xxl1564020476860.html revdate: April 18, 2024 section_ids: enhanced-fido2-authentication-support: Enhanced FIDO2 authentication support fido2-integration-modes: FIDO2 integration modes --- # FIDO2 authentication PingID supports the use of the FIDO2, FIDO2 biometrics, and FIDO2 security keys for authentication. PingID supports the use of the FIDO2 protocol, and PingID FIDO2 Server is a FIDO2 certified product. ![zfe1618817176692](_images/zfe1618817176692.png) Users can authenticate with FIDO2 security keys, passkeys, or FIDO2-compatible accessing devices by using a gesture that is enabled by built-in biometrics support on the devices. PingID's FIDO2 compliance provides security benefits, including protection against phishing, man-in-the-middle, and replay attacks. This includes the following FIDO2 protocol security measures: * Based on public key cryptography * Ensures that private keys remain on the FIDO2 device only * Does not employ server-side shared secrets, that could otherwise be compromised * Isolates services from accounts * Does not employ a third party in the FIDO2 protocol ## Enhanced FIDO2 authentication support To benefit from enhanced FIDO2 authentication, you'll need to integrate a PingID account with a PingOne environment. You can: * Create a new PingID account that is managed by a PingOne environment: the enhanced FIDO2 authentication method is enabled by default. Legacy FID02 biometrics and Security Key authentication methods are not available. Learn more in [Creating a new PingID environment in PingOne](http://docs.pingidentity.com/pingone/strong_authentication_mfa/p1_create_environment_strong_authentication_start.html). * Update an existing PingID account that is integrated with a new PingOne environment to benefit from the enhanced FIDO2 authentication method. For more information, see: [Updating a PingID account to use PingOne FIDO2 policy for Passkey support](pid_update_to_fido2_authentication_method.html). Learn more: [Integrating a PingID account with a PingOne environment](http://docs.pingidentity.com/pingone/strong_authentication_mfa/p1_integrate_pid_env_with_new_p1_env_updated.html). ## FIDO2 integration modes PingID supports the following FIDO2 integration modes: * PingID's out of the box solution, using the PingID UI and the pingone.com domain. For more information, see: * [Using Windows Hello for authentication](http://docs.pingidentity.com/pingid-user-guide/secure_authentication_with_pingid/pid_using_windows_hello_auth.html) * [Using Apple Mac Touch ID for authentication](http://docs.pingidentity.com/pingid-user-guide/secure_authentication_with_pingid/pid_using_mac_touchid_auth.html) * [Using a security key (FIDO2) for authentication](http://docs.pingidentity.com/pingid-user-guide/secure_authentication_with_pingid/pid_using_security_key_auth.html) * [Using Android biometrics for authentication](http://docs.pingidentity.com/pingid-user-guide/secure_authentication_with_pingid/pid_using_android_biometrics_auth.html) * API-based, using a custom UI that is not hosted by PingID, and a custom domain. For more information, see: * [FIDO pairing workflow](https://apidocs.pingidentity.com/pingid-api/guide/pingid-api/pid_c_PingIDapiUserManagement) * [FIDO authentication workflow](https://apidocs.pingidentity.com/pingid-api/guide/pingid-api/pid_c_PingIDapiAuthentication) * [FIDO passwordless authentication workflow](https://apidocs.pingidentity.com/pingid-api/guide/pingid-api/pid_c_PingIDapiAuthentication) * Hybrid mode, also API-based using a custom UI for registration that is not hosted by PingID, and PingID's default UI for authentication. This mode leverages the pingone.com domain. For more information, see [PPM request for FIDO authentication with a hybrid UI](https://apidocs.pingidentity.com/pingid-api/guide/pingid-api/pid_c_PingIDapiPpmrequest).