Page created: 3 Jun 2020
|
Page updated: 18 May 2023
PingID supports the use of the FIDO2 biometrics and FIDO2 security keys for authentication.
PingID supports the use of the FIDO2 protocol, and PingID FIDO2 Server is a FIDO2 certified product.
Users can authenticate with FIDO2 security keys or FIDO2-compatible accessing devices by using a gesture that is enabled by built-in biometrics support on the devices.
PingID’s FIDO2 compliance provides security benefits, including protection against
phishing, man-in-the-middle, and replay attacks. This includes the following FIDO2
protocol security measures:
- Based on public key cryptography
- Ensures that private keys remain on the FIDO2 device only
- Does not employ server-side shared secrets, that could otherwise be compromised
- Isolates services from accounts
- Does not employ a third party in the FIDO2 protocol
PingID supports the following FIDO2 integration modes:
- PingID’s out of the box solution, using the PingID UI and the pingone.com domain. For more information, see:
- API-based, using a custom UI that is not hosted by PingID, and a custom domain. For more information, see:
- Hybrid mode, also API-based using a custom UI for registration that is not hosted by PingID, and PingID’s default UI for authentication. This mode leverages the pingone.com domain. For more information, see PPM request for FIDO authentication with a hybrid UI.