Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

#wrapper *:not(#noScriptAlert) { opacity: 0.75; } #noScriptAlert { display: block; }

Please turn on your JavaScript for this page to function normally.

Mirko Zorz, Director of Content, Help Net Security Sponsored

June 25, 2025

Why should companies or organizations convert to FIDO security keys?

In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure. He also shares insights into their scalability, compliance advantages, and real-world deployment considerations.

FIDO security keys

How do FIDO security keys differ from traditional authentication methods like passwords or SMS codes?

FIDO security keys use public key cryptography to authenticate users, making them inherently more secure than passwords or SMS codes. Unlike traditional methods, they are resistant to phishing, replay, and man-in-the-middle attacks. Authentication is tied to the specific service and completed only when the user confirms with a tap or PIN, without transmitting any reusable credentials. This method ensures that secrets are never shared or stored centrally. FIDO security keys are based on a tamper-proof smart card chip and operate with the credentials entirely in the chip. This significantly reduces the risk of credential theft and simplifies secure access.

What types of security threats can FIDO security keys mitigate?

FIDO security keys significantly reduce the risk of phishing, credential theft, and brute-force attacks. Because they don’t rely on shared secrets like passwords, they can’t be reused or intercepted. Their phishing-resistant protocol ensures authentication is only completed with the correct web origin. FIDO security keys also address insider threats and endpoint vulnerabilities by requiring physical presence, further enhancing protection, especially in high-security environments such as healthcare or public administration. Moreover, FIDO security keys are extremely robust against penetration attacks due to the usage of tamper-proof smart card chips, which are certified to the highest level, and the FIDO device-bound passkey scheme, which assures that private keys cannot be retrieved from the smart card chips.

Can FIDO security keys be integrated with existing security infrastructure?

Yes, they are designed to work seamlessly with most identity and access management (IAM) systems. They support industry standards like FIDO2, HOTP/TOTP, and smartcard schemes such as PIV. Some keys also integrate with physical access systems – for example, MIFARE, HID or LEGIC – and support centralized device management tools. This flexibility enables phased rollouts and consolidation of multiple authentication technologies, reducing administrative overhead while enhancing security posture.

What industries or sectors would benefit the most from implementing FIDO security keys?

In principle, any organization that prioritizes a secure IT infrastructure stands to benefit from adopting FIDO-based multi-factor authentication. Whether it’s a small business protecting customer data or a global enterprise managing complex access structures, FIDO security keys provide a robust, phishing-resistant alternative to passwords. That said, sectors with heightened regulatory requirements, such as healthcare, finance, public administration, and critical infrastructure, have particularly strong incentives to adopt strong authentication. In these fields, the risk of breaches is not only costly but can also have legal and operational consequences.

FIDO security keys are also ideal for restricted environments, such as manufacturing floors or emergency rooms, where smartphones may not be permitted. Keys that support both digital and physical access provide added value in environments like hospitals, research facilities, or data centers, where unified access control improves security, simplifies deployment, supports compliance, and scales with future needs. Moreover, FIDO Keys are often more cost-effective than smart card-based solutions, eliminating the need for card readers and avoiding wear and tear.

How do FIDO security keys contribute to regulatory compliance and data protection?

FIDO tokens help meet the strong authentication requirements of regulations like NIS2 or DORA in the EU, CISA ZTMM und OMB M-22-09 in the U.S. or the U.S. Executive Order on cybersecurity. Their passwordless architecture supports data minimization and reduces attack surfaces. Some keys are even available with FIPS 140-3 certification aiding compliance with U.S. federal standards.

Are FIDO security keys a scalable solution for organizations of all sizes?

Absolutely. From small businesses to large enterprises, FIDO keys offer a scalable approach to authentication. Their plug-and-play nature allows for easy adoption, and many support centralized management for large deployments. As mentioned earlier, multifunctional keys that combine IT login with building access offer further scalability by reducing the number of separate devices needed. This versatility ensures they can be tailored to different user groups and security needs across an organization.

What are the cost implications of transitioning to FIDO security keys?

While the initial investment in FIDO keys may seem higher than traditional methods, the long-term savings are significant. Organizations can lower helpdesk costs tied to password resets, reduce risks of breaches, and eliminate the need for separate tokens for digital and physical access. Some keys also support features like secure printing and time tracking – further reducing the number of devices required. This consolidation leads to better cost efficiency and streamlined IT operations.

How do FIDO security keys enhance user experience compared to other authentication methods?

They offer a seamless and user-friendly authentication experience. Users simply plug in the device and confirm with a touch or PIN, eliminating the need to remember complex passwords or wait for SMS codes. This reduces login friction and minimizes the risk of password fatigue or security shortcuts. Thanks to their portability and support for USB and NFC, they are also well-suited for use across multiple devices, including laptops and smartphones. The result is a more consistent, efficient, and secure login process that users are more likely to adopt and use correctly.

What are the potential challenges or barriers to implementing FIDO security keys?

Barriers may include initial hardware investment, user training, and integration with legacy systems. Some users may resist change or be unfamiliar with passwordless methods. However, these challenges are typically outweighed by long-term benefits in security and efficiency. As mentioned earlier, choosing multi-functional keys that integrate easily into existing workflows, such as those that combine digital and physical access, can ease adoption and maximize return on investment.

More about

Featured news

Resources

Don't miss

Cybersecurity news

HNS Daily

Daily newsletter sent Monday-Friday

HNS Newsletter

Weekly newsletter sent on Mondays

InSecure Newsletter

Editor's choice newsletter sent twice a month

Breaking news

Periodical newsletter released when there is breaking news

Cybersecurity jobs

Weekly newsletter listing new cybersecurity job positions

Open source

Monthly newsletter focusing on open source cybersecurity tools

I have read and agree to the terms & conditions