FIDO advances passwordless future
Authenticate 2022, held Oct. 17 to 19, at the Sheraton Grand Seattle, drew approximately 500 on-site and 400 virtual attendees from the global identity community. Hosted by FIDO Alliance with signature sponsors Google, Microsoft, Visa and Yubico, the three-day event highlighted advanced approaches to online and mobile authentication in exhibits, live demos, keynote presentations, and interactive breakout and networking sessions.
In opening remarks, Andrew Shikiar, executive director at FIDO Alliance, welcomed service providers, enterprises, users, compliance specialists and software developers, all of whom, he noted, are part of FIDO’s expanding global ecosystem. The FIDO standard is designed to improve ease of use, privacy, security and standardization by reducing password reliance to provide a trusted customer experience and drive online service consumption, revenue and profit.
FIDO 101
Scott Bingham, senior program manager at Microsoft, described authentication as the front door of the customer experience, a process he summarized as “ask, act, validate” that proves rightful owners are requesting access.
“Hackers don’t break in; they log in,” he said, noting 99.9 percent of security breaches are password-only attacks, including phishing, smishing, social engineering, voice phishing and fake website redirects.
Alternatively, Bingham noted, multifactor authentication (MFA), combined with biometric gestures and secure cryptography, enhances security and delivers an easy-to-use, interoperable and trustworthy customer experience. These essential elements are repeatable, harmonized, documented methods, designed to help the FIDO standard scale, he added.
FIDO2, passkey
Leaders shared key learnings from passwordless journeys and collaborative efforts to evolve the FIDO standard from early hardware-centric models to FIDO2 and passkey, inclusive, omnichannel approaches designed to facilitate seamless authentication across multiple platforms and devices. Presentations examined various FIDO2 perspectives and use cases, including the following:
- John Callahan, CTO at Veridium: “A Gentle Introduction to Certification of a Cross-Platform FIDO2 Authenticator”
- Leszek Zalewski, senior security architect, BNP Paribas Bank; Tomasz Kowalski, co-founder & CEO, Secfense: “Protect your company with FIDO2 authentication”
- Nick Steele, research lead, SuperLunar: “Streamlining Authentication: Going faster with FIDO2”
- Jiphun Satapathy, senior director, corporate security, Snowflake: “Implement FIDO2 for a cloud and SaaS first enterprise”
- Patrick Sullivan, CTO, security strategy, Akamai: “FIDO2 without compromise”
Additional presentations looked beyond devices and platforms to FIDO members’ and stakeholders’ focus on diversity and inclusion. Teresa Wu, vice president of innovation and client engagement at IDEMIA, moderated a panel titled “Diversity in Cybersecurity: Why Does it Matter?” Panelists included Rita Mounir, co-founder and COO, Allthenticate; Karen Larson, senior director, strategic alliances, Axiad; and Christina Hulka, executive director and chief operating officer, FIDO Alliance. Panelists noted cybersecurity affects everyone equally.
Christina Hulka agreed that multiple perspectives are vital to cybersecurity and FIDO as an organization. “I chair the Board and have to make sure everyone gets heard, regardless of their language,” she said. “This makes our organization that much more valuable to the world.”
Design, certification programs
Shikiar noted that FIDO Alliance provides conformance and interoperability testing, including security evaluation and testing and functional certifications for IoT device authentication. In addition, the FIDO Certified Professional program, launched in May 2022, offers different levels of security assurance in five professional domains: analysis, validation, design, deployment and education, he stated.
Kevin Goldman, chief experience officer at Trusona, and Allyson Wagner, senior user experience designer for IDEMIA, unveiled the FIDO Alliance Design System at the conference, which is described as a flexible and highly configurable framework designed to remove hundreds of hours from FIDO deployments.
The user experience has always been at the center of FIDO design, Goldman and Wagner noted.
“FIDO Authentication enables password-only logins to be replaced with secure and fast login experiences across websites and apps,” Shikiar said, summarizing the top conference takeaway as “Deploy FIDO Alliance’s free and open standards and begin your passwordless journey today.”
Dale S. Laszig, vice president, content marketing at Mobile Marketing & Technology and managing director, DSL Direct, is a payments industry journalist and content strategist who writes for multiple trade journals and serves on the Electronic Transactions Association’s Cybersecurity Committee. Follow her on LinkedIn at https://www.linkedin.com/in/dalelaszig/ and @DSLdirect on Twitter.
This breaking news story originally appeared Oct. 21, 2022, in The Green Sheet: http://www.greensheet.