Thales FIDO and FIDO2 Security Keys
Passwordless authentication software
Identity management software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Thales FIDO and FIDO2 Security Keys and its alternatives fit your requirements.
Contact the product provider
Free Trial unavailableFree version unavailable
Small
Medium
Large
- Energy and utilities
- Public sector and nonprofit organizations
- Banking and insurance
What is Thales FIDO and FIDO2 Security Keys
Thales FIDO and FIDO2 Security Keys are hardware authenticators that support FIDO standards (including FIDO2/WebAuthn) to enable phishing-resistant, passwordless sign-in and strong multi-factor authentication. They are used by enterprises and regulated organizations to secure workforce access to operating systems, VPNs, and web applications, and can also be used for consumer account protection where supported. The keys provide cryptographic authentication bound to the physical device and typically integrate with identity providers and access management stacks that support FIDO2. Deployment commonly involves issuing and managing physical keys, including enrollment, recovery, and replacement processes.
Phishing-resistant authentication
FIDO2/WebAuthn authentication uses public-key cryptography and origin binding, which reduces exposure to credential phishing compared with OTP-based factors. Hardware keys can enforce user presence (touch) and can be used as a strong second factor or for passwordless flows where supported. This aligns well with security programs that require high-assurance authentication for privileged or remote access.
Standards-based interoperability
FIDO/FIDO2 is a widely adopted standard supported by modern browsers and many identity and access management platforms. This reduces reliance on proprietary authentication protocols and helps organizations use the same authenticator across multiple applications. It also supports a mix of passwordless and MFA deployments depending on application readiness.
Hardware-backed key protection
Private keys remain on the hardware authenticator rather than being stored on endpoints, which can reduce risk from malware and credential database compromise. Physical possession requirements add a tangible control for high-risk access scenarios. Hardware keys can also be used in environments where mobile push or SMS is not feasible or permitted.
Physical logistics and lifecycle
Organizations must procure, distribute, and track physical keys, which adds operational overhead compared with purely software-based authenticators. Lost or damaged keys require replacement and a recovery process that can impact user productivity. Programs typically need policies for spare keys, break-glass access, and secure issuance.
User experience varies by device
Compatibility and user experience depend on connector type (e.g., USB-A/USB-C/NFC) and endpoint support, which can complicate mixed device fleets. Some use cases require additional drivers or configuration depending on operating system and application. Users may also resist carrying an extra device, especially for low-risk applications.
Not a full IAM platform
Security keys provide an authenticator but do not replace identity governance, directory services, or customer identity management capabilities. Organizations still need an identity provider/access layer that supports FIDO2 and handles policies, provisioning, and session management. Advanced risk signals and adaptive authentication typically come from surrounding IAM tooling rather than the key itself.
Seller details
Thales Group
Meudon, France
1893
Public
https://www.thalesgroup.com/
https://x.com/thalesgroup
https://www.linkedin.com/company/thales/
