Authentication Guide

The OFFPAD offers the gold standard of authentication with FIDO2. FIDO2 enables authentication on FIDO2-enabled browsers and operating systems over USB, NFC, or BLE for a passwordless, two-factor or multi-factor authentication experience.

Multi-factor (MFA)

In services or applications that implement multi-factor authentication you need one or more things in addition to your password to prove you are who you say you are.

Most multi-factor setups are based on one of three types of information:

  • Things you know, such as a password or PIN.
  • Things you have, such as a smartphone or FIDO2 Security Key.
  • Things you are, such as a fingerprint.

In a multi-factor setup the OFFPAD is both something you have and something you are with the use of fingerprints. This adds two extra non-phishable factors in addition to the password.

Two-factor (2FA)

In services or applications that implement two-factor authentication, you need one thing in addition to your password to prove you are who you say you are. Two-factor is a subset of multi-factor.

You're probably familiar with several ways of doing 2FA:

SMS or email

After entering your password, the application or service sends you a code or a URL that embeds a code. You then need to enter the code or click the URL before you can log in. This is the easiest method to set up, but it is also the least secure, because email and SMS are both unencrypted and easily compromised, and the code is easily phishable.

Authentication apps

After entering your password, the application or service will ask you for a code that you can retrieve by opening an app on your phone, like Google Authenticator or Microsoft Authenticator. This is more secure than SMS or email, but requires you to install specific software on your phone and to enter a code manually. This code is also phishable.

Passwordless with FIDO2

In services or applications that implement passwordless authentication with FIDO2, the phishable password is removed and replaced with phishing-resistant cryptographic credentials. The cryptographic credentials are stored in an authenticator like the OFFPAD. In a passwordless setup the OFFPAD is both something you have and something you are with the use of fingerprints.
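The sketch below is an added example, not code from the OFFPAD documentation or firmware. It shows the checks a service performs on a FIDO2 (WebAuthn) sign-in response and why a response obtained through a look-alike page is rejected, unlike a typed code. The RP ID, origins, key pair and the helper names makeAssertion, verifyAssertion and demo are constructed for illustration.

```javascript
const crypto = require('crypto');

// Assumptions: placeholder relying party (RP) ID and origin, not values from this guide.
const RP_ID = 'login.example.test';
const RP_ORIGIN = 'https://login.example.test';
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Stand-in for browser + authenticator: signs authenticatorData || SHA-256(clientDataJSON).
// flags 0x05 = user present (0x01) + user verified, e.g. by fingerprint (0x04).
function makeAssertion(privateKey, origin, rpId, challenge, flags = 0x05) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(1);
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([flags]), counter]);
  const signature = crypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Relying-party side: returns 'ok' or the reason the login is rejected.
function verifyAssertion(a, publicKey, expectedChallenge) {
  const c = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get') return 'wrong type';
  if (c.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (c.origin !== RP_ORIGIN) return 'origin mismatch';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  const flags = a.authenticatorData[32];
  if (!(flags & 0x01)) return 'user not present';
  if (!(flags & 0x04)) return 'user not verified'; // RP policy assumed here: require UV
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed scenario: one registered credential, three sign-in attempts.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = crypto.randomBytes(32);
  const genuine = makeAssertion(privateKey, RP_ORIGIN, RP_ID, challenge);
  // Same challenge relayed through a look-alike page: the browser records that page's origin.
  const lookalike = makeAssertion(privateKey, 'https://login.example.invalid',
    'login.example.invalid', challenge);
  return {
    genuine: verifyAssertion(genuine, publicKey, challenge),
    lookalike: verifyAssertion(lookalike, publicKey, challenge),
    stale: verifyAssertion(genuine, publicKey, crypto.randomBytes(32)),
  };
}

console.log(demo());
```

A production relying party would also track the signature counter and should use a maintained WebAuthn library rather than hand-written checks.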

If you want to learn how to set up passwordless authentication for your Windows environment, take a look at our Microsoft 365 Usage Guide.

If you want to learn how to set up passwordless authentication for your Google Account, take a look here.

OFFPAD as multi-factor

The OFFPAD can be set up as a strong non-phishable multi-factor in addition to passwords. With this option you achieve the same security level as passwordless but not the same level of convenience.

If you want to learn how to set up the OFFPAD as a multi-factor for your Google Account, take a look here.