FIDO2

You can now log in to your Windows computer with a FIDO2-ready USB key or device, just as you did with the FIDO U2F key.

FIDO2 enables users to easily authenticate to the online services in both mobile and desktop environments. It is a successor to the previous authentication standards, FIDO UAF and FIDO U2F.
Exciting New Functionality

FIDO2 for Windows Credential Provider

There are 3 scenarios in which you can log in to your RCDevs Windows Credential Provider with the FIDO2 key:

1) If you are on your Active Directory network, you can log in to Active Directory with your FIDO2 key, with or without Multi-Factor Authentication enabled.

2) If you are outside your network and connected to the internet, you can still authenticate with your FIDO2 key, which is verified on your RCDevs OpenOTP Server.

3) With no connection at all, the offline mode still allows you to use your FIDO2 key to authenticate yourself on your computer.
This mode is, of course, not mandatory, and you can set how long you want it to remain enabled.

To enable FIDO2 login, change the login mode setting in OpenOTP to either of the following:

– LDAPU2F: Require both LDAP and FIDO responses.
– LDAPMFA: Require LDAP and either OTP or FIDO.

Main Benefits

Higher Security
FIDO2 provides strong user authentication with a key pair (private and public) that can only be unlocked with a finger press. The FIDO standards protect users against phishing attacks by linking the cryptography to DNS names.
Authentication to multiple systems with one device
You have the ability to secure the web as well as desktop via Multi-Factor Authentication.
Low Discrepancy
A counter is stored on both the FIDO key and the relying party (WebADM). The FIDO key increments it each time it produces an assertion, and the value is sent in the assertion to WebADM, which stores it. The new value should always be higher than the one already stored in WebADM, which makes it possible to detect cloned or forged authenticators.
How does FIDO2 work for the Windows Credential Provider client?

Here WebADM is the relying party. When you log in with FIDO2 configured, WebADM sends a challenge to be signed with the user's private key. That private key is stored in the FIDO2 authenticator, protected by a biometric factor or a PIN (the user's presence is mandatory), and is used to sign transactions initiated by the relying party.
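The relying-party checks described above (DNS-name binding, mandatory user presence and the increasing counter), as an added Python example that is not RCDevs or WebADM code: it parses the fixed 37-byte header of WebAuthn authenticator data and applies the three checks. The RP ID and sample bytes are constructed, the function names are hypothetical, and verification of the assertion signature is left out.

```python
import hashlib
import struct

FLAG_UP = 0x01  # user present (finger press)
FLAG_UV = 0x04  # user verified (PIN or biometric)


def parse_auth_data(raw: bytes):
    """Split authenticator data into (rpIdHash, flags, signCount)."""
    if len(raw) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    return struct.unpack(">32sBI", raw[:37])  # 32-byte hash, 1-byte flags, 4-byte BE counter


def check_assertion(raw: bytes, rp_id: str, stored_count: int) -> int:
    """Return the counter value to store, or raise ValueError on a failed check."""
    rp_id_hash, flags, sign_count = parse_auth_data(raw)
    # DNS binding: the authenticator signs over the hash of the RP ID it was used for.
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash mismatch: assertion made for another RP ID")
    if not flags & FLAG_UP:
        raise ValueError("user presence flag not set")
    # Both values zero means the authenticator keeps no counter; nothing to compare.
    if (sign_count or stored_count) and sign_count <= stored_count:
        raise ValueError("counter did not increase: possible cloned authenticator")
    return sign_count


def make_auth_data(rp_id: str, flags: int, count: int) -> bytes:
    """Build constructed sample authenticator data (test input, not a capture)."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, count)


if __name__ == "__main__":
    RP_ID = "webadm.example.test"  # constructed RP ID, an assumption for this demo
    good = make_auth_data(RP_ID, FLAG_UP | FLAG_UV, 42)
    print("accepted, store counter", check_assertion(good, RP_ID, 41))
    cases = [
        ("stale counter", good, 42),
        ("other RP ID", make_auth_data("login.other.example.test", FLAG_UP, 43), 42),
        ("no user presence", make_auth_data(RP_ID, 0, 43), 42),
    ]
    for label, raw, stored in cases:
        try:
            check_assertion(raw, RP_ID, stored)
        except ValueError as exc:
            print(label, "->", exc)
```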

It brings to your Windows login the same three login scenarios that you already had with your RCDevs Mobile Push App.

Authentication methods

Our solution for VPNs provides Two-Factor with all OpenOTP One-Time Password methods:

To request an online demo, you only have to create your account or contact us.

Online Demos are available for free to let you try RCDevs multi-factor in 5 minutes and authenticate with your mobile or Yubikey.