Committed to connecting the world

SDG

Developer resources for strong authentication

​​​​​​​A passwordless user authentication reduces risks associated with the use of vulnerable "shared secrets" like passwords and one-time passwords that can be phished or stolen. Deploying stronger passwordless authentication raises the bar for user privacy and security and improves the user experience by eliminating the inconvenience of having to remember passwords and laboriously typing them at every login. Recommendation ITU-T X.1277 describes Fast Identity Online (FIDO) Universal Authentication Framework (UAF) that describes secure authentication using cryptography  and a simple user login experience with biometrics such as fingerprint or face ID.​

The compendium of resources for developers compiled on this page by the Security Infrastructure and Trust Working group  under the Financial Inclusion Global Initiative (FIGI) focuses on FIDO UAF to demonstrate the adoption of strong passwordless authentication for user login and transaction confirmation, especially for digital financial services. The FIDO developer resources below include step by step guidelines for Android and iOS developers. A demo application is available on the Google Play store (refer to the resources section below for further information). The ITU would like to thank Acceppto for contributing this work in the Security Infrastructure and Trust Working group under FIGI. ​​

Developer resources for FIDO UAF

Resources for developers to test passwordless authentication by integrating and implementing FIDO UAF protocol into their current application. 

The FIDO specifications

​​​​FIDO​ ​is an open standard for simpler, faster and stronger passwordless authentication using PKI proposed by the FIDO Alliance​, an open industry association with over 250 organizations.​

​   FI​D​​O has​​ three sets of specifications for strong authentication:
  FIDO UAF SDK resources ​