jgrantindc

As the guy who used to run the digital identity team at NIST, I'm pretty comfortable saying that NIST and other governments (the UK, Australia, EU) all look at FIDO2...

Yes, all FIDO2 implementations require some sort of user verification - either a biometric or knowledge factor matched locally in the authenticator. NIST refers to these as Multifactor Cryptographic Authenticators....

Looping in David Turner - who leads technical and standards work for FIDO Alliance - to answer these. FIDO’s certification program addresses some of these issues - there are 900+...

Yeah, this gets into a level of implementation detail that is going to be hard to address. FIDO is a freely available standard and if someone wants to build their...