Glossary term
FIDO2
Also: WebAuthn, CTAP2
Open authentication standard from the FIDO Alliance and the W3C, comprising WebAuthn (the browser/platform interface) and CTAP2 (the device protocol). Foundation for phishing-resistant MFA and Passkeys.
WebAuthn defines how a browser or app talks to the operating system or to an external authenticator (USB, NFC, BLE); CTAP2 defines the protocol spoken to the device itself. Together they provide public-key-based login with no shared secrets.
Security properties: phishing resistance (the credential is bound to the origin), replay protection (per-login challenge and signature counter), and no secret on the server (only public keys are stored). Meets NIST AAL3 when a hardware authenticator with user verification is used.
Important in regulated deployments: the attestation statement identifies the device vendor and its security level. For DORA- and NIS2-relevant access, attestation is typically required.
