In 2020 Movenda earned the FIDO2 certification for its Egomet FIDO2 Authenticator, being the first certified Italian company by the FIDO Alliance.
FIDO2 cryptographic login credentials are unique across every website, never leave the user’s device and are never stored on a server. This security model eliminates the risks of phishing, all forms of password theft and replay attacks.
Users unlock cryptographic login credentials with simple built-in methods such as fingerprint readers or cameras on their smartphone. Consumers can select the communication channel that best fits their needs between Bluetooth and NFC.
Because FIDO cryptographic keys are unique for each internet site, they cannot be used to track users across sites. Plus, biometric data, when used, never leaves the user’s device.
Movenda Egomet FIDO2 enables passwordless authentication between Service Providers and users through an external authenticator situated into the user’s smartphone. The user simply pairs their phone with the laptop or desktop via Bluetooth or NFC. Since this moment the user can navigate to a website in a browser and use their phone providing a verification gesture (PIN, biometric, etc.) in order to sign in and/or authorize a single transaction, such as a payment or other financial transaction.
Movenda Egomet FIDO2 Authenticator supports versatile authentication options including passwordless and multi-factor authentication user experiences. It can fully replace vulnerable static username/password credentials with strong public/private-key credentials.
Egomet FIDO2 Authenticator creates strong, attested, scoped, public key-based credentials as requested by a web application, for the purpose of strongly authenticating users. These credentials cannot be reused, replayed, or shared across services, and are not subject to phishing and MiTM attacks or server breaches. Each of these public key credentials is scoped to a given WebAuthn Relying Party. The user agent mediates access to authenticators and their public key credentials in order to preserve user privacy. Egomet FIDO2 Authenticator is responsible for ensuring that no operation is performed without user consent. It provides cryptographic proof of its properties to Relying Parties via attestation.