Modern Security Keys can be used for logging into services without username and password. The user experience then just involves clicking a login button and pressing the Security Key. It frees the user from having to remember username/password combinations. Furthermore, it makes server-side storage and validation of passwords obsolete.
A PIN code can provide an additional protection in case the Security Key gets lost. In contrast to a password, it can be as short as some digits since Security Keys lock after eight failed attempts. Alternatively, some Security Keys provide biometric capabilities instead of PINs.
Our SDK brings passwordless FIDO authentication to Android that works with security keys over NFC and USB.
Passwordless login is supported by modern FIDO2 Security Keys, such as the YubiKeys 5 series as well as Solokeys. Security Keys can be directly connected over USB-C and NFC. USB-A keys require an additional USB OTG cable.
We are not selling yet another SaaS login solution. Our SDK is a standard-compliant clean-room implementation that works with any FIDO server. In contrast to Google's FIDO APIs, our SDK works without Google Play Services. Thus, it also works in countries where phones do not ship with Google Play.
The FIDO Alliance does not certify native FIDO clients. However, our SDK has been successfully tested with a wide variety of FIDO authenticators. It has been implemented by carefully following the FIDO standards.
|Hardware Security SDK||Client to Authenticator Protocol 2 (CTAP2)|
|FIDO2 Artifact||WebAuthn Specification|