According to Have I Been Pwned, a website that tracks account breaches, there are over 8.5 billion compromised user accounts. As if that weren’t enough, Kaspersky Lab reported a 21% increase in phishing attempts in the second quarter of 2019 alone, and the number of phishing attempts is predicted to increase even more in the upcoming years.

Hackers are fully aware of the advantages of social engineering attacks, which are more efficient and more affordable compared to other techniques used to steal user data, and phishing has become their top choice. No matter how efficient and secure firewalls, VPNs, or antivirus software become, people (and their passwords) are still the weakest link in cybersecurity.

Introducing FIDO2 authentication standards for Trezor Model T, the only security key with a touchscreen display in the world.

At SatoshiLabs, we’re not dedicated just to Bitcoin security, but to cybersecurity in general. We want you to stay safe and protected from all potential risks, including phishing attempts. For over six years, we’ve been on a journey toward finding the perfect balance between usability and security, and we believe that this latest addition to Model T is taking us a step closer to achieving this balance.

Today’s release of firmware version 2.1.8 for Trezor Model T adds the latest authentication standards to protect your online accounts and the credentials used to access them.

What is FIDO2?

The new web authentication protocol, called FIDO2, was developed by the FIDO Alliance and brings phishing-proof passwordless authentication to the masses.

The FIDO2 protocol contains three authentication types:

Passwordless login

Two-factor authentication (2FA)

Multi-factor authentication

The first and most innovative part of FIDO2 is passwordless authentication. Our implementation of this feature enables users to easily authenticate logins to their favorite supported services on Trezor Model T without needing to enter any sensitive credentials. With this new set of specifications from the FIDO Alliance, you can log in to web services without having to remember or manually enter your password ever again.

When you register your Model T for passwordless login, a device-resident credential is stored on your device. That credential carries information about your account so that you can log in without having to type in your username or password. This means that if your security key gets wiped or lost, all of these credentials would also be lost, and you would have to log in to your account using traditional authentication rather than with Model T. With Model T, you can back up your resident credentials so that when you recover your wallet from your recovery seed or from your recovery shares, you will also be able to reload the credentials onto the device. This makes it easy to recover your credentials in case of theft or loss of your Trezor.

The second authentication type is Two-factor authentication (2FA), which is a new version of the legacy U2F. This feature adds a second layer of authentication to your authentication process. Enter your login credentials and confirm the login on the display of Model T.

The third type is multi-factor authentication. Combining a second factor (the Trezor T device) with an additional factor (the device PIN) allows even the most security-conscious user to secure their accounts satisfactorily. Trezor Model T is, by default, a multi-factor security key.

However, the usability of FIDO2 depends on the level of implementation on the side of the provider of the online service you want to use. At the time of the release of this article, the Passwordless login was possible only with Microsoft platforms Azure and Live, but we’re anticipating further adoption by the members of the FIDO Alliance. This is purely due to the fact that FIDO2 was released earlier this year, and the adoption of new standards takes a while.

Why should you use FIDO2 with Trezor Model T?

FIDO2 combined with Model T adds an additional layer of security to your online accounts. By using Model T as your security key, you’re removing the possibility of a malicious third party accessing your data in a potential credentials exposure. How? Every time you attempt to log in, the online service will request your credentials. Afterward, you will be required to confirm the login on your security key (Model T). To confirm the login, you will need to unlock your device with a PIN and then authenticate the login. All of this occurs on the Trusted Display of Trezor Model T, preventing any leaks to third-party or potentially infected computers. The display of Trezor Model T also allows you to verify the service you’re attempting to log in to, and the account you’re using to log in, quickly revealing any suspicious activity.

How does FIDO2 work?

FIDO2 is an evolution of the FIDO Universal 2nd Factor (U2F) legacy protocol. It has all the advantages of the legacy U2F, with the main difference of allowing a FIDO2 authenticator to also be used as a multi-factor authenticator. Trezor Model T works by default as a multi-factor security key because the device PIN has to be entered on the display of Model T in order to further confirm the login request.

FIDO2 is based on two specifications — Web Authentication (WebAuthn) and Client to Authenticator Protocol (CTAP).

WebAuthn provides online services with a standard web API that enables FIDO Authentication to be built into browsers and other web platforms. This way, users can log in to their internet accounts using their FIDO security key, like the Trezor Model T.

How to use FIDO2

First, you need to update your Model T to the latest version 2.1.8. FIDO2 is enabled in this version by default. All you need to do is find one of the services supporting FIDO2 authentication and set your Model T as a security key. At SatoshiLabs, we’re using FIDO2 with Model T on some of our favorite services, such as Binance, Dropbox, and GitHub.

FIDO2 is a revolutionary new authentication type that allows both individuals and businesses to use Trezor Model T as an additional security layer, and helps protect the things that matter. Your credentials and private information stored on your favorite online services deserve the best security you can get, and the combination of FIDO2 and Model T makes the highest security standards available to everyone.

Do you want to learn more about FIDO2?

Visit the FIDO Alliance or Trezor Wiki and find out how FIDO can increase your security.