FIDO Alliance

Bleeping Computer: Okta – Hackers target IT help desks to gain Super Admin, disable MFA

Lori Glavin — Tue, 12 Sep 2023 15:53:31 +0000

Identity and access management company Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for high-privileged users. To protect admin accounts from external actors, Okta recommends enforcing phishing-resistant authentication using Okta FastPass and FIDO2 WebAuthn.

The post Bleeping Computer: Okta – Hackers target IT help desks to gain Super Admin, disable MFA appeared first on FIDO Alliance.

Security Magazine: Embracing a company culture of cybersecurity starts at the top

Lori Glavin — Tue, 12 Sep 2023 15:50:35 +0000

Andrew’s byline where he discusses how cybersecurity needs to be a top-down movement, simplifying the process for employees so they do not end up with password fatigue. The culture change should come from leadership, working with the IT team and stakeholders, to ensure better cybersecurity.

The post Security Magazine: Embracing a company culture of cybersecurity starts at the top appeared first on FIDO Alliance.

Forbes: Cyber Autumn: Captivating Cybersecurity Conferences to Dive Into This October 2023

Lori Glavin — Fri, 01 Sep 2023 17:06:50 +0000

Authenticate 2023 is the go-to event for everything related to user authentication. Hosted by the FIDO Alliance, this unique conference is set to take place from October 16-18, 2023, at the Omni La Costa Resort in Carlsbad, CA, just north of San Diego. The conference is designed to give CISOs, business leaders, product managers, and security experts the know-how, tools, and best practices they need to implement state-of-the-art authentication across a range of applications.

The post Forbes: Cyber Autumn: Captivating Cybersecurity Conferences to Dive Into This October 2023 appeared first on FIDO Alliance.

The Verge: X Wants Permission to Start Collecting Your Biometric Data and Employment History

Lori Glavin — Fri, 01 Sep 2023 17:05:21 +0000

X Wants Permission to Start Collecting Your Biometric Data and Employment HistoryAccording to findings from app developer Steve Moser, X plans on rolling out support for passkeys, which can use your device’s fingerprint, facial recognition, or PIN to log in to your account. However, the FIDO Alliance — a nonprofit organization that advocates for the use of passkeys — says biometric data and processing “continues to stay on the device and is never sent to any remote server.”

The post The Verge: X Wants Permission to Start Collecting Your Biometric Data and Employment History appeared first on FIDO Alliance.

SC Media: 3 trends shaping cybersecurity: Passwordless authentication, securing the supply chain and AI

Lori Glavin — Fri, 01 Sep 2023 17:04:12 +0000

Passwordless authentication is one of those concepts that is finally having its day in the sun after Apple, Google and Microsoft came onboard last year, expanding their support for the passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. “The work that the FIDO Alliance has done to roll out passkeys, really positioning them as a strong way for consumers to start using and leveraging that strong PKI authentication, I think that is a really good step forward,” said Josh Cigna, enterprise solutions architect at Yubico.

The post SC Media: 3 trends shaping cybersecurity: Passwordless authentication, securing the supply chain and AI appeared first on FIDO Alliance.

IEEE Spectrum: Google Develops Quantum-Safe Security Keys

Lori Glavin — Fri, 01 Sep 2023 17:02:51 +0000

Google has developed a quantum-resilient way of implementing the FIDO2 security key standard, an increasingly popular method of authentication that’s used as an alternative to passwords. David Turner, senior director of standards development at FIDO Alliance, which manages password-free authentication standards, said post-quantum changes to security keys are expected to come with challenges.

The post IEEE Spectrum: Google Develops Quantum-Safe Security Keys appeared first on FIDO Alliance.

TechRadar: LinkedIn and X are planning to ditch passwords

Lori Glavin — Fri, 01 Sep 2023 17:01:32 +0000

Two of the biggest social media sites, X (formerly Twitter) and LinkedIn, are reportedly soon set to support passkeys, a way for users to log in to their accounts without using a password. According to discoveries made by iOS developer Steve Mosher, the two services contain code that suggest they will soon be compatible with the new technology, whose standards are governed by the FIDO alliance as set out in the FIDO2 specifications.

The post TechRadar: LinkedIn and X are planning to ditch passwords appeared first on FIDO Alliance.

Infosecurity Magazine: Microsoft warns of adversary-in-the-middle uptick on phishing platform

Lori Glavin — Fri, 01 Sep 2023 17:00:04 +0000

Microsoft has observed a proliferation of adversary-in-the-middle (AiTM) techniques deployed through phishing-as-a-service (PhaaS) platforms, the company explained in a series of tweets posted on August 28, 2023. “This emphasizes the importance of MFA through methods like Microsoft Authenticator, FIDO2 security keys and certificate-based authentication in securing identities,” the company said.

The post Infosecurity Magazine: Microsoft warns of adversary-in-the-middle uptick on phishing platform appeared first on FIDO Alliance.

Cybersecurity Dive: Government investigation puts spotlight on password insecurity

Lori Glavin — Fri, 25 Aug 2023 16:41:23 +0000

When the U.S. Department of the Interior recently conducted an internal investigation into password security, the findings described a situation ripe for exploitation by enterprising cybercriminals. In his Washington Post column, Greenblatt illustrates how his department needs to move away from passwords. We can bolster security with passwordless authentication in the form of passkeys. It’s impossible to access a passkey-protected account without physical access to the end-user device.

The post Cybersecurity Dive: Government investigation puts spotlight on password insecurity appeared first on FIDO Alliance.

Computerworld: Managed Apple IDs, iCloud, and the shadow IT connection

Lori Glavin — Fri, 25 Aug 2023 16:39:30 +0000

One new addition will be the ability to sync iCloud Keychain, Apple’s de facto password and passkey management utility. It integrates with Apple’s biometric services, Touch ID and Face ID. This is a major potential boon for enterprises, particularly those adopting passkeys to replace passwords.

The post Computerworld: Managed Apple IDs, iCloud, and the shadow IT connection appeared first on FIDO Alliance.

Infosecurity Magazine: Why it’s time to kick the password habit

Lori Glavin — Fri, 25 Aug 2023 16:05:59 +0000

Andrew Shikiar discusses why passwords are so hard to give up, and why they should be replaced with passkeys for more security.

The post Infosecurity Magazine: Why it’s time to kick the password habit appeared first on FIDO Alliance.

Biometric Update: Authenticate 2023

Lori Glavin — Fri, 25 Aug 2023 15:59:56 +0000

It’s time to modernize your authentication! Organizations around the globe are embracing a new way to authenticate with FIDO standards, moving past passwords and legacy forms of multifactor authentication to provide users with passkeys for phishing-resistant sign-ins.

The post Biometric Update: Authenticate 2023 appeared first on FIDO Alliance.

HelpNet Security: Anticipating the next wave of IoT cybersecurity challenges

Lori Glavin — Fri, 25 Aug 2023 15:56:11 +0000

Ensuring a seamless integration of IoT with cybersecurity requires a strategic approach by technology leaders. Emphasizing secure bootstrapping, employing advanced, scalable onboarding standards such as FIDO onboarding device, and meticulously building a trusted supply chain are essential. Beyond these, it’s about creating a vigilant ecosystem where every component is not just included but examined for security integrity.

The post HelpNet Security: Anticipating the next wave of IoT cybersecurity challenges appeared first on FIDO Alliance.

FIDO Alliance: FIDO Alliance details agenda for Authenticate 2023, featuring keynote from Rachel Tobac, noted White Hat Hacker and SocialProof Security CEO

Lori Glavin — Fri, 04 Aug 2023 17:33:20 +0000

3-day program for FIDO Alliance’s flagship event on the future of user authentication includes 90+ sessions; Early Bird registration available through August 18

CARLSBAD, Calif., Aug. 3, 2023 /PRNewswire/ — The FIDO Alliance announced its keynote speakers and full agenda for Authenticate 2023, the only industry conference dedicated to all aspects of user authentication.

This year’s featured keynote will be presented by Rachel Tobac, white hat hacker and social engineering expert whose exploits have been featured on CNN, 60 Minutes and more. Additional keynote presentations providing diverse and global perspectives on modern authentication will be delivered by speakers from 1Password, Amazon, Google, Microsoft, Yubico and others.

The post FIDO Alliance: FIDO Alliance details agenda for Authenticate 2023, featuring keynote from Rachel Tobac, noted White Hat Hacker and SocialProof Security CEO appeared first on FIDO Alliance.

CyberSecurity Asean: FIDO APAC Summit Keynotes and Sponsors Announced

Lori Glavin — Fri, 04 Aug 2023 17:31:11 +0000

The FIDO Alliance today provided an updated list of speakers and sponsors for its first-ever FIDO APAC Summit, the premier event dedicated to advancing and promoting phishing-resistant FIDO authentication in the region. Co-hosted by the Ministry of Information and Communications (Vietnam), the summit will take place in Vinpearl Nha Trang, Vietnam, on 28 – 30 August 2023, and centers on the theme of “Connecting for a Safer Digital Future”.

The post CyberSecurity Asean: FIDO APAC Summit Keynotes and Sponsors Announced appeared first on FIDO Alliance.

Biometric Update: Biometric authentication accuracy bar rises, assurance levels evolve in NIST guidance

Lori Glavin — Fri, 04 Aug 2023 17:25:51 +0000

Biometrics performance requirements have been upgraded and identity assurance levels revised in the latest draft update to the U.S. National Institute of Standards and Technology’s Digital Identity Guidelines. NIST reviewed the changes so far, the numerous comments submitted about them, and possible further revisions in a recent webinar.

The changes to biometrics guidelines include a more stringent accuracy requirement for authentication to align with other standards advanced since the previous version was finalized in 2017.

The post Biometric Update: Biometric authentication accuracy bar rises, assurance levels evolve in NIST guidance appeared first on FIDO Alliance.

Computer Weekly: Going passwordless in online shopping

Lori Glavin — Fri, 04 Aug 2023 17:23:01 +0000

In the last few years, the FIDO Alliance, an open industry association, has helped businesses and users authenticate with maximum security and minimum friction. The WebAuthn standard provides the technological foundation by enabling brands to authenticate users with public key cryptography instead of a password.

The post Computer Weekly: Going passwordless in online shopping appeared first on FIDO Alliance.

Webinar: Inside Intuit’s FIDO Journey

Lori Glavin — Thu, 03 Aug 2023 15:31:59 +0000

Intuit is the global financial technology platform that powers prosperity for more than 100 million consumers and businesses around the world using TurboTax, Credit Karma, QuickBooks and Mailchimp. To execute on a user-centric focus, Intuit’s customer authentication products team, led by Rakan Khalid, Intuit Group Product Manager, Identity, justifies and prioritizes development of new authentication capabilities based on user research, security trends and technology advancements in the industry. This has led to an overarching strategy that emphasizes secure and convenient authentication experiences on its platform.

Intuit saw the potential of the FIDO Alliance early on and began a multi-year FIDO journey in 2018 to reduce customer friction and enhance security – all at lower operating costs. Join this webinar to learn why and how Intuit deployed FIDO, the challenges faced and benefits achieved, and get a sneak peek into how Intuit plans to leverage passkeys to further enhance its FIDO rollout!

The post Webinar: Inside Intuit’s FIDO Journey appeared first on FIDO Alliance.

FIDO Alliance Details Agenda for Authenticate 2023, Featuring Keynote from Rachel Tobac, Noted White Hat Hacker & SocialProof Security CEO

Lori Glavin — Thu, 03 Aug 2023 11:56:37 +0000

3-day program for FIDO Alliance’s flagship event on the future of user authentication
includes 90+ sessions; Early Bird registration available through August 18

Carlsbad, Calif., August 3, 2023 – The FIDO Alliance announced its keynote speakers and full agenda for Authenticate 2023, the only industry conference dedicated to all aspects of user authentication.

Authenticate 2023 will be held at the Omni La Costa Resort and Spa and from October 16-18, 2023 – with virtual attendance options for those unable to be there in person. Now in its fourth year, the event is focused on providing education, tools and best practices for modern authentication across web, enterprise and government applications. CISOs, security strategists, enterprise architects and product and business leaders are invited to register at https://authenticatecon.com/event/authenticate-2023/.

In response to its rising popularity, the conference now includes 90+ sessions from 125 speakers spread across three content tracks — as well as interactive half-day workshops for developers and user experience leads. Speakers from Alibaba Group, Fox Corporation, GitHub, Intuit, Mercari, Pinterest, Salesforce, Starbucks, Shopify, Target and others will deliver a diverse set of sessions, detailed case studies, technical tutorials and expert panels. Attendees will also benefit from a dynamic expo hall and networking opportunities whether attending in-person or virtually.

Sponsorship Opportunities at Authenticate 2023

Authenticate 2023 is also accepting applications for sponsorship, offering opportunities for companies to put their brand and products front and center with brand exposure, lead generation capabilities and a variety of other benefits for both on-site and remote attendees. To learn more about sponsorship opportunities, please visit https://authenticatecon.com/sponsors/.

There are a limited number of opportunities remaining. Requests for sponsorship should be sent to authenticate@fidoalliance.org.

About Authenticate

Authenticate is the only conference dedicated to all aspects of user authentication – with a focus on the FIDO standards-based approach. Authenticate is the place for CISOs, security strategists, enterprise architects, product and business leaders to get all the education, tools and best practices to embrace modern authentication across enterprise, web and government applications.

Authenticate is hosted by the FIDO Alliance, the cross-industry consortium providing standards, certifications and market adoption programs to accelerate utilization of simpler, stronger authentication.

In 2023, Authenticate will be held October 16-18 at the Omni La Costa Resort and Spa in Carlsbad, CA and virtually. Early bird registration discounts are available through August 18, 2023. Visit w ww.authenticatecon.com for more information and follow @AuthenticateCon on Twitter.

Signature sponsors for Authenticate 2023 are 1Password, Google, Microsoft and Yubico.

Authenticate Contact
authenticate@fidoalliance.org

PR Contact
press@fidoalliance.org

The post FIDO Alliance Details Agenda for Authenticate 2023, Featuring Keynote from Rachel Tobac, Noted White Hat Hacker & SocialProof Security CEO appeared first on FIDO Alliance.

FIDO APAC Summit Keynotes and Sponsors Announced

Lori Glavin — Thu, 03 Aug 2023 10:08:20 +0000

The exclusive event on 28-30 August in Vietnam will feature content and insights, provided by cybersecurity experts—including a former convicted hacker—that focus on best practices for passwordless authentication implementations.

Singapore, August 1, 2023 — The FIDO Alliance today provided an updated list of speakers and sponsors for its first-ever FIDO APAC Summit, the premier event dedicated to advancing and promoting phishing-resistant FIDO authentication in the region. Co-hosted by the Ministry of Information and Communications (Vietnam), the summit will take place in Vinpearl Nha Trang, Vietnam, on 28 – 30 August 2023, and centers on the theme of “Connecting for a Safer Digital Future”.

With hundreds of attendees expected, the summit will feature more than 25 VIP guests and speakers from the APAC region. Hieu Minh Ngo, a former hacker turned cybersecurity specialist, will be joining these prominent industry leaders to discuss the latest developments and share best practices. Drawing on his insider knowledge of cybercriminal tactics, Hieu offers insights into common cybersecurity traps and vulnerabilities, and how passwordless authentication technologies can boost organizations’ defenses against hackers.

“As a former hacker turned cybersecurity specialist, I know firsthand how cybercriminals are always looking for loopholes to exploit for their gain. That is why it is imperative for organizations to ensure a robust cybersecurity strategy to safeguard users online,” said Hieu. “Embracing passwordless authentication can offer the highest levels of security and mitigate potential cyber threats from malicious hackers. I am excited to be part of the FIDO APAC Summit 2023 to share my experiences on how going passwordless can thwart phishing attacks and impart valuable lessons to attendees.”

Regional Cybersecurity Thought Leaders

The keynote speakers at the FIDO APAC Summit include:

Nguyen Huy Dung, Deputy Minister of Information and Communications (Vietnam)
Andrew Shikiar, Executive Director of FIDO Alliance
Do Ngoc Duy Trac (Simon), CEO of VinCSS

The summit will also feature case studies and tutorials delivered by industry experts from government organizations and leading technology companies, including:

Hieu Minh Ngo, Threat Hunter, NCSC Viet Nam & Co-founder of Chongluadao.vn
Khanit Phatong, Senior Management Officer, Thailand Electronic Transactions Development Agency
Teresa Wu, Vice President, Smart Credentials – Civil Identity IDEMIA Identity & Security North America
Paul Heim, Director, FIDO Alliance
Sea Chong Seak, CTO of SecureMetric
Alex Wilson, Director Engineering, Yubico
Dovlet Tekeyev (Dave), Director, AirCuve
Hyung Chul Jung, Head of Security Engineering Group, Samsung Electronics
Eiji Kitamura, Developer Advocate, Google
Gautam Pande, Vice President, Identity Solutions, Asia Pacific, Mastercard
Masao Kubo, Manager, Product Design Department, Smart Life Business Company, NTT DOCOMO
Henry (Haixin) Chai, CEO of GMRZ Technology, Lenovo
Cuong Tran, CTO, Pavana
Thang Phan, Passwordless Transformation Lead, VNPAY
Truong Nguyen, Back End Developer, PayPay Corporation
Naohisa Ichihara, CISO, Mercari
Jaebeom Kim, Principal Researcher, Telecommunications Technology Association

The updated list of speakers can be found here.

In addition, the APAC Summit will feature a busy expo hall, with demo booths from VinCSS, Securemetric Technology, Yubico, AirCuve, CyStack, iProov, Thales, ISR, SMARTdisplayer Technology, and TrustKey.

Event Registration and Sponsorship Opportunities

Attendance is free of charge. For more information and to register your interest in the summit, please visit the website here.

“The FIDO Alliance is excited to host its first Asia-Pacific Summit 2023 in Vietnam, which will feature content presented by some of the brightest minds in authentication from around the world,” said Andrew Shikiar, executive director & CMO of the FIDO Alliance. “As cyber attacks continue to grow in volume and sophistication, it is more important than ever for companies to put passwords in the rear view mirror in favor of passkeys — which present a user-friendly alternative based upon FIDO standards.”

At the initial announcement of the event, Deputy Minister of Information and Communications (Vietnam), Nguyen Huy Dung said, “We are delighted to take part in organizing this event. We fully endorse the adoption of passwordless authentication technology to secure Vietnam’s digital economy. Our aspiration is to foster connections and collaborations with the FIDO Alliance and other APAC region countries for a safer digital future.”

Registrations are now open to the public. While the event is offered free of charge, all delegates are required to book a minimum of three nights at the event venue, Vinpearl Resort Nha Trang. For more information and to register your interest in the summit, please visit the website here.

For companies interested in sponsorship opportunities, please contact events@fidoalliance.org.

About the FIDO Alliance

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

PR Contact
press@fidoalliance.org 

APAC Media Contact
Evelyn Owen & Farah Aqilah
FINN Partners on behalf of FIDO Alliance
yingFIDO@finnpartners.com
+65 9109 6954

The post FIDO APAC Summit Keynotes and Sponsors Announced appeared first on FIDO Alliance.

Heise: We have just reached the turning point

Lori Glavin — Fri, 28 Jul 2023 15:41:29 +0000

Andrew Shikiar is Executive Director of the FIDO Alliance, which developed the Passkeys login process. In an interview with c’t, he answers all the questions that came to us during testing.

The post Heise: We have just reached the turning point appeared first on FIDO Alliance.

Teiss: The rise and rise of passkeys in the tech industry

Lori Glavin — Fri, 28 Jul 2023 15:40:34 +0000

Andrew Shikiar, Executive Director and CMO at FIDO Alliance asks in his byline: why are we still being passive-aggressive about passwords?

The post Teiss: The rise and rise of passkeys in the tech industry appeared first on FIDO Alliance.

Connect-living: Keys instead of passwords: This is how a secure login with an access key works

Lori Glavin — Fri, 28 Jul 2023 13:32:24 +0000

Phishing and other attacks usually have one goal: passwords. So the world could be a better place without passwords. There have already been several attempts to bury the passwords. All have failed – due to the complexity, the costs for hardware keys, for example, or the inconvenient use. The new approach with FIDO2 and Passkeys sounds more promising. By the way, FIDO stands for Fast Identity Online.

The post Connect-living: Keys instead of passwords: This is how a secure login with an access key works appeared first on FIDO Alliance.

News-24: How passkeys will open the door to a more secure and passwordless future

Lori Glavin — Fri, 28 Jul 2023 13:31:22 +0000

More than 24 billion usernames and passwords were available on the dark web last year, a 65% increase since 2020, according to research by Digital Shadows, a digital risk protection company. To this end, the cybersecurity industry is striving to adopt solutions that would eliminate the need for passwords altogether. The latest technology uses what is known as passkeys.

The post News-24: How passkeys will open the door to a more secure and passwordless future appeared first on FIDO Alliance.

B2B Cybersecurity: Effortless authentication with passkeys

Lori Glavin — Wed, 26 Jul 2023 15:30:46 +0000

Passkeys are easier to use than many traditional authentication methods. They are also resistant to phishing, which allows users to consistently and securely log in to supported websites. The passwordless technology, first introduced in 2022, is based on industry standards from the World Wide Web Consortium (W3C) and the FIDO Alliance and is supported by Apple, Google, Microsoft, Paypal, eBay and others.

The post B2B Cybersecurity: Effortless authentication with passkeys appeared first on FIDO Alliance.

Biometricupdate.com: 1Password, Microsoft move to biometric authentication

Lori Glavin — Wed, 26 Jul 2023 15:29:39 +0000

1Password and Microsoft are among vendors moving to passwordless login, switching to phishing-resistant biometric passkeys. In a blog post, 1Password announced a private beta test for passkey account access on iOS and iPadOS.

The post Biometricupdate.com: 1Password, Microsoft move to biometric authentication appeared first on FIDO Alliance.

9TO5Mac: 1Password will soon let users unlock password vaults with passkeys

Lori Glavin — Thu, 20 Jul 2023 17:34:31 +0000

Popular password manager 1Password teased in June that native support for passkeys is coming to the iPhone and iPad app with iOS 17. Now 1Password is taking another big step toward a world without traditional passwords, this time replacing the key to users’ password vaults. Soon, 1Password users will be able to unlock their vaults using just a passkey.

The post 9TO5Mac: 1Password will soon let users unlock password vaults with passkeys appeared first on FIDO Alliance.

IT Brew: Enterprises and developers play leading role in passwordless future

Lori Glavin — Tue, 18 Jul 2023 15:52:13 +0000

Many industry pros are increasingly channeling their inner Bill Gates in 2004 and predicting the decline of the password. The PW prognosticating demonstrates some confidence in the IT world that a passwordless infrastructure is now sufficiently in place. “The most notable shift over the past couple of years has been that every major platform vendor is now supporting open standards for passwordless authentication that are in their flagship operating systems. So, this means for the first time that virtually every modern computing device has the capability to support passwordless authentication,” said Andrew Shikiar, executive director and chief marketing officer at FIDO.

The post IT Brew: Enterprises and developers play leading role in passwordless future appeared first on FIDO Alliance.

Engadget: What the hell are passkeys and why are they suddenly everywhere?

Lori Glavin — Tue, 18 Jul 2023 15:51:08 +0000

Passkeys promise a future without passwords, where we access our accounts as easily as we unlock our phones, with a much higher level of security. “It’s the closest to something that can be scaled to get rid of passwords that we’ve ever seen,” said Megan Shamas, senior director of marketing at industry association FIDO Alliance. A passkey is a digital authentication credential that is securely stored on your device. Instead of what Shamas called a “shared secret” method of passwords, passkeys are a unique key pair for every online service you use bound to the domain.

The post Engadget: What the hell are passkeys and why are they suddenly everywhere? appeared first on FIDO Alliance.

heise: Passwordless login to GitHub: Passkeys in beta

Lori Glavin — Tue, 18 Jul 2023 15:47:26 +0000

GitHub takes another step to replace passwords as a login method and brings passkeys into public beta. Passkeys are the FIDO Alliance’s latest move to simplify secure logins on the Internet – they are intended to solve many of the everyday problems that U2F and FIDO2 hardware tokens bring with them.

The post heise: Passwordless login to GitHub: Passkeys in beta appeared first on FIDO Alliance.

Cashy’s Blog: TikTok now also supports passkeys for login on iOS

Lori Glavin — Tue, 18 Jul 2023 15:46:28 +0000

The short video platform TikTok has announced that it will also be possible to log in with passkeys – on iOS devices. At the same time, it is confirmed that TikTok has now become a member of the FIDO Alliance. Passkeys replace traditional passwords and use encrypted biometric data already stored on your device. They are not processed directly by third-party apps – not even by TikTok.

The post Cashy’s Blog: TikTok now also supports passkeys for login on iOS appeared first on FIDO Alliance.

B2B Cyber Security: Best practices for zero trust

Lori Glavin — Fri, 07 Jul 2023 12:43:12 +0000

Replacing traditional MFA with strong, passwordless authentication methods allows security teams to build the first layer of their Zero Trust architecture. Replacing passwords with FIDO-based passkeys that use asymmetric cryptography, and combining them with secure device-based biometrics, creates a phishing-resistant MFA approach.

The post B2B Cyber Security: Best practices for zero trust appeared first on FIDO Alliance.

ComputerWeekly: The management level in companies must actively live IT security

Lori Glavin — Fri, 07 Jul 2023 12:42:16 +0000

FIDO Alliance’s Andrew Shikiar shares his view on how cyber security is often viewed as a purely technical issue. In this article, he underlines how important security should be firmly integrated into the corporate culture, especially from the management level.

The post ComputerWeekly: The management level in companies must actively live IT security appeared first on FIDO Alliance.

Silicon: Passwordless: an innovative approach to securing access

Lori Glavin — Fri, 07 Jul 2023 12:27:27 +0000

Most of the major players in the sector (Microsoft, Google and Apple in particular) have started to join forces on the subject to think about the technical solutions thanks to which Passwordless could be achieved in future years. FIDO Alliance, WebAuthn and proposed authentication factors, find out what Passwordless is all about.

The post Silicon: Passwordless: an innovative approach to securing access appeared first on FIDO Alliance.

MobileID World: FIDO white papers explain how to use passkeys in the enterprise

Lori Glavin — Thu, 06 Jul 2023 13:58:54 +0000

The FIDO Alliance has published a new set of papers aimed at offering guidance on how passkeys can be used across different enterprise environments.

The post MobileID World: FIDO white papers explain how to use passkeys in the enterprise appeared first on FIDO Alliance.

B2B Cyber Security: Best practices for zero trust

Lori Glavin — Thu, 06 Jul 2023 13:58:03 +0000

The post B2B Cyber Security: Best practices for zero trust appeared first on FIDO Alliance.

Gov Info Security: Feds urge healthcare providers, vendors to use strong MFA

Lori Glavin — Thu, 06 Jul 2023 13:56:18 +0000

HHS OCR is the latest federal agency pushing for more widespread adoption of multifactor authentication. Cybersecurity and Infrastructure Security Agency Director Jen Easterly last October during an address at a FIDO Alliance conference also urged technology vendors to “forcefully nudge” users into MFA.

The post Gov Info Security: Feds urge healthcare providers, vendors to use strong MFA appeared first on FIDO Alliance.

Intuit’s ROI from Passwordless Customer Authentication

Lori Glavin — Thu, 29 Jun 2023 14:18:45 +0000

Business Situation

Intuit is the global financial technology platform that powers prosperity for more than 100 million consumers and businesses around the world using TurboTax, Credit Karma, QuickBooks and Mailchimp. The company’s long- held commitment to Design for Delight principles has been a key ingredient of its success in fueling innovation across its products, services and customer touchpoints to create bold new AI and data-driven personalized experiences at scale.

To execute on a user-centric focus, Intuit’s customer authentication products team, led by Rakan Khalid, Intuit Group Product Manager, Identity, justifies and prioritizes development of new authentication capabilities based on user research, security trends and technology advancements in the industry. This has led to an overarching strategy that emphasizes secure and convenient authentication experiences on its platform.

Intuit saw the potential of the FIDO (Fast ID Online) Alliance early on and began a multi-year FIDO journey in 2018 to reduce customer friction and enhance security, at lower operating costs.

Business Challenges

Intuit set out to address several challenges when evolving its customer authentication strategy to serve a growing customer base across a diverse set of product offerings and user personas:

Customers experienced friction when logging on, which negatively impacted key business metrics.

Sign-in times (time to successful sign-in) were getting longer, and calls into customer care for account sign-in-related issues were increasing.
Product teams were challenged to balance ease-of-use and convenience for users with appropriate levels of security.

Business Objectives

The team set out to achieve the following business objectives for customer authentication across Intuit’s product portfolio:

Results and Benefits

Deliver a delightful and seamless customer authentication experience that “just works” across multiple devices.
Push the envelope on customer authentication technology to further enhance the security posture of Intuit.
Build a resilient, scalable, durable customer authentication capability for its current and future business needs.

OVERVIEW

“As an early adopter of FIDO, we’ve seen
significant business benefits and are completely on board with continuing to leverage the latest FIDO innovations with our partner, Nok Nok.”

Rakan Khalid, Intuit Group Product Manager, Identity

Intuit was able to reduce customer friction, resulting in authentication success rates of 95% to 97% and 70% faster sign-in speeds.

FIDO Authentication Deployment – Measured Steps

Intuit implemented a FIDO-based customer authentication solution in line with the FIDO Alliance’s founding members’ goals. FIDO protocols are based on an asymmetric cryptographic authentication framework designed to enhance security, provide a better user experience (compared to traditional passwords) and reduce cost and complexity.

Although FIDO is an open standard, the expertise required to code and deploy a scalable FIDO solution for millions of consumer and small business customers led Intuit to license a FIDO authentication platform.

Intuit selected the Nok Nok^TMS3 Authentication Suite (S3 Suite) for its advanced FIDO features and capabilities; optional on-prem deployment model; and speed, scale, and resilience, which was validated by Nok Nok enterprise customers.

Intuit’s authentication team placed a high priority on working with a FIDO leader with deep and relevant experience in customer authentication and therefore well-equipped to keep pace with industry progress with this fast- evolving technology.

Build vs. Buy: Intuit recognized that the company would benefit from the expertise of a vendor with experience working with other major companies on its authentication journey, and enjoy access to innovative product enhancements along the way.

Progressive Deployment: Intuit opted to deploy Nok Nok’s customer authentication solution across multiple apps in a controlled and measurable manner:

Intuit’s authentication team initially tested Nok Nok’s FIDO passwordless customer authentication on the mobile iOS version of an Intuit product with a small customer base.

Over the next few months, the team rolled out Nok Nok’s FIDO passwordless solution on mobile iOS and Android platforms for a broader customer base on multiple Intuit products.

The team added FIDO as an option to Intuit’s passwordless customer onboarding flow, which improved onboarding conversion rates and reduced subsequent sign-in times.
Over the last 5 years, Intuit has grown its total FIDO registrations to over 77 million.

Authentication Solution Delivers on Business Objectives

Intuit has been able to achieve all of its business objectives, while simultaneously addressing new use cases for a growing customer base:

Delightful Customer Sign-in – FIDO-based multi-factor authentication (MFA) for customer sign-in dramatically improves and simplifies the user sign-in experience because it’s completed in a single user step. This reduces the need for a multi-step authentication process (e.g., password, texting one-time passcodes). Using FIDO, Intuit users are presented with a seamless, passwordless flow using device-based platform authenticators, such as biometrics with which they’re already comfortable.

Today, more than 85% of all customer authentications on Intuit’s mobile apps are now done using FIDO

Enhanced Customer Security – When FIDO authentication is used, it eliminates the passing of passwords and one-time tokens between apps and services, which can reduce the risk of interception attacks.
Global Scale – Since Nok Nok’s S3 platform is trusted by some of the largest banks, telcos and fintech brands across five continents and has been proven to scale across demanding customer environments, it’s given Intuit the confidence that it will continue to scale with the company’s future growth to match uptime and authentication speeds.

Business Results

By deploying a passwordless solution for customer authentication, Intuit was able to reduce customer friction, thereby reducing operating expenses. Users who adopted the FIDO passwordless authentication option experienced authentication success rates of 95% to 97% when compared to a baseline of 80% for legacy multi-factor authentication and 70% faster sign-in speeds over non-FIDO sign-ins.

Looking Ahead

Over the past several years, Intuit has experienced the power of FIDO customer authentication for its consumer and small business customers, and validated its benefits with its product, technology, security, user experience and customer care teams. Looking ahead, the company intends to explore multi-device passkey technology as the next frontier on its authentication journey.

Read the full CaseStudy

The post Intuit’s ROI from Passwordless Customer Authentication appeared first on FIDO Alliance.

White Paper: High Assurance Enterprise FIDO Authentication

Lori Glavin — Tue, 27 Jun 2023 13:11:14 +0000

This white paper addresses specific considerations for determining the appropriate type of passkey for enterprises that require high levels of identity assurance, have internal security policies, or need to meet regulatory requirements.

The post White Paper: High Assurance Enterprise FIDO Authentication appeared first on FIDO Alliance.

White Paper: FIDO Authentication for Moderate Assurance Use Cases

Lori Glavin — Tue, 27 Jun 2023 13:10:20 +0000

This white paper provides guidance for organizations as they analyze the abilities and features of both device-bound passkeys and synced passkeys to determine how both credential types can be utilized in a moderate assurance environment. The paper compares features and requirements that are supported by device-bound and synced passkeys, providing a vision of how both types of credentials can be utilized together in an organization that has moderate assurance needs.

The post White Paper: FIDO Authentication for Moderate Assurance Use Cases appeared first on FIDO Alliance.

White Paper: Replacing Password-Only Authentication with Passkeys in the Enterprise

Lori Glavin — Tue, 27 Jun 2023 13:09:30 +0000

This white paper describes the need for a more secure and convenient solution for authentication. Passwords have long been the standard for authentication, but the risks inherent to passwords reduce their efficacy as an authentication mechanism. Multi-factor authentication (MFA) solutions have been on market for some time, but their widespread adoption has been slow due to various barriers. Passkeys are an authentication solution that reduces the adoption barriers of traditional MFA mechanisms, while offering improved security, ease of use, and scalability over passwords and classic MFA solutions. Passkeys utilize on-device biometrics or PINs for authentication and provide a seamless user experience. This white paper outlines the benefits of passkeys, the user experience, and adoption considerations for enterprises.

The post White Paper: Replacing Password-Only Authentication with Passkeys in the Enterprise appeared first on FIDO Alliance.

White Paper: Introduction: Deploying Passkeys in the Enterprise

Lori Glavin — Tue, 27 Jun 2023 13:08:42 +0000

This introductory paper provides an overview of the benefits of passkeys in the enterprise and provides a glossary of common terms to be used in conjunction with the other papers in this series.

The post White Paper: Introduction: Deploying Passkeys in the Enterprise appeared first on FIDO Alliance.

FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise

Lori Glavin — Tue, 27 Jun 2023 11:56:36 +0000

Half-day virtual Authenticate Summit to educate on how passkeys can fit into a variety of enterprise environments

MOUNTAIN VIEW, Calif., June 27, 2023 – Passkeys are a gamechanger for signing to online services and apps, providing phishing-resistant security and easy user experience far superior to passwords and other phishable forms of authentication. Enterprises globally are interested in passkeys but may be wondering: how do I start? And “what type of passkey is right for my environment?”

The FIDO Alliance addresses these questions in a new series of papers providing considerations for leveraging passkeys across different enterprise use cases. The series was developed by the FIDO Alliance’s Enterprise Deployment Working Group (EDWG) and can be found at https://fidoalliance.org/fido-in-the-enterprise/.

The papers in the series are:

FIDO Deploying Passkeys in the Enterprise – Introduction
Replacing Password-Only Authentication with Passkeys in the Enterprise
FIDO Authentication for Moderate Assurance Use Cases
High Assurance Enterprise FIDO Authentication

A fifth paper in the series, “Displacing Password + SMS OTP Authentication with Passkeys,” is expected to publish later this summer.

“Passkeys are a new concept to many enterprise organizations, in terms of both terminology and FIDO authentication capabilities,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. “These papers demystify synced and device-bound passkeys and provide the decision points for how to leverage them across a variety of use cases, whether they are using passwords alone, legacy MFA or FIDO-based solutions today. These papers provide a great foundation for anyone looking to understand how passkeys can increase their organization’s security posture, meet legal and regulatory requirements and decrease support and other costs associated with authentication.”

Get an Overview Live at Authenticate Virtual Summit: Considerations for Passkeys in the Enterprise

Those interested in this topic are encouraged to join the FIDO Alliance and members of its Enterprise Deployment Working Group on June 29, 2023 at 9:00 am PT / 12:00 pm ET for the free Authenticate Virtual Summit: Considerations for Passkeys in the Enterprise to learn how passkeys can fit into a variety of enterprise environments.

Sessions will cover introductory material, considerations across various use cases, and criteria to evaluate how synced passkeys and device-bound passkeys can meet varying legal, regulatory, and security requirements across enterprise environments.

Learn more and register for the free virtual summit at https://authenticatecon.com/event/passkeys-in-the-enterprise/.

About the Enterprise Deployment Working Group (EDWG)

The FIDO Alliance’s Enterprise Deployment Working Group (EDWG) aims to accelerate enterprise deployments of FIDO solutions and advance the FIDO Alliance’s vision for a strong, interoperable modern authentication ecosystem. The EDWG acts as a group of subject matter experts and internal advisors within the FIDO Alliance on issues affecting the deployment of FIDO solutions at the enterprise level. FIDO Alliance members interested in joining the EDWG can contact info@fidoalliance.org for information on how to participate.

About the FIDO Alliance

Contact
press@fidoalliance.org

The post FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise appeared first on FIDO Alliance.

Toyota Motor Corporation turns to FIDO Authentication for Enhanced Login in Japan

Lori Glavin — Mon, 26 Jun 2023 23:56:55 +0000

Corporate overview and challenge

As the “CASE” trend is gaining ground in the automotive industry, Toyota Motor Corporation, a leader and evolving company in the industry, is changing its model from a “car company” to a “mobility company”. In the area of “C: Connected,” Toyota is working to realize its vision of “Mobility for All – Freedom and Enjoyment of Mobility for All People,” and is developing a number of new services, including a “digital key” that allows the use of smartphones as keys, as well as a website and smartphone applications, for a wide range of users.

The “TOYOTA/LEXUS common ID” (“common ID”), a customer authentication service for safe and comfortable use of various services provided by Toyota, plays an important role in the provision of a series of services. The 5 million TOYOTA common IDs are linked to about 40 different services, and the multiple smartphone applications provided to customers required the input of IDs/passwords for each application.

FIDO 2 deployment

Toyota Motor Corporation has decided to deploy FIDO authentication as an optional authentication function for the “Common ID,” the major advantage of which is that by registering FIDO authentication credentials in advance, users will no longer need to go through the process of entering their ID/password each time they use each smartphone application.

Prior to deploying FIDO authentication, Toyota Motor Corporation had been using one-time password authentication and backup code authentication as a means of multi-factor authentication for common IDs. The main reason for choosing FIDO as one of the new options for multi-factor authentication this time was the consideration of the robust security and usability of FIDO authentication. By utilizing FIDO, which is a multi-factor authentication that involves possession using biometrics on the smartphone used in everyday life, a high level of security was ensured, and it also contributed to an improved user experience.

NRI Secure Technologies, Inc. (NRI Secure), which manages common IDs, has an authentication infrastructure called “Uni-ID Libra” that is compliant with FIDO authentication, and we requested their cooperation for implementation.

Until the introduction of FIDO authentication for iOS and Android devices, the differences in behavior depending on the OS (whether or not Discoverable Credential (formerly known as Resident Key) is supported, explicit user interaction during key registration is required for Safari for iOS, etc.) The issue was the impact on the UX.In the end, we were able to absorb the differences in UX by modifying the authentication web screen, and this led to a solution.

With this implementation, Toyota Motor Corporation has also focused on the importance of designing the life cycle of FIDO authenticators together. In providing services, it is necessary to prepare not only for authentication, but also for registration, device switching, and account recovery in case of loss. If other companies that provide services to consumers consider FIDO authentication, they should have a method that can maintain security strength when switching devices or recovering accounts.

OVERVIEW
Toyota Motor Corporation, headquartered in Toyota City, Japan, is Japan’s largest automobile manufacturer.

C (Connected):
IoT for automobiles

A (Autonomous):
Automated driving

S (Shared & Services):
From ownership to sharing

E (Electric):
Electric vehicles

“With the expansion of the connected strategy, the number of operations that can be carried out on smartphone applications and websites has been increasing. While convenient, they can also lead to accidents if misused, so more security measures are required. We believe that FIDO authentication will contribute as one piece to continue providing convenient and safe mobility services to our customers.”

Finally, Masatoshi Hayashi, Toyota Motor Corporation’s Connected Company Value Chain Infrastructure Development Department, who spoke with us about this case study, made the following comments.

(*) To obtain a common ID and register FIDO credentials, please visit https://id.toyota

Read the full case study (English)

Read the full case study (Japanese)

The post Toyota Motor Corporation turns to FIDO Authentication for Enhanced Login in Japan appeared first on FIDO Alliance.

FIDO Alliance Opens Registration for Its First-Ever Asia-Pacific Summit 2023 in Vietnam

Lori Glavin — Mon, 26 Jun 2023 00:01:07 +0000

The event will gather industry leaders, cybersecurity experts, and government representatives across the region to explore the latest developments in authentication technologies.

Singapore, June 26, 2023 — The FIDO Alliance announced today its first-ever FIDO APAC Summit 2023, the premier event dedicated to advancing and promoting phishing-resistant FIDO authentication in the region. The summit, co-hosted by Vietnam Ministry of Information and Communications, will take place in Vinpearl Nha Trang, Vietnam, on August 28 – 30, 2023.

For more information and to register your interest in the summit, please visit the website here.

The cybersecurity landscape in Asia-Pacific has undergone significant growth and transformation in recent years, driven by the rapid digitalization, increased internet penetration, and the rapid adoption of advanced technologies such as cloud computing, AI, and the Internet of Things (IoT). As businesses and governments become more reliant on digital infrastructure, cyber threats have grown increasingly sophisticated and widespread, resulting in a surge in prominent cyberattacks and data breaches. With Asia-Pacific accounting for 31% of all incidents globally in 2022, there is a crucial need for more robust authentication methods — and there is no better time than now for organizations to take the necessary steps forward.

The theme for this year’s event is “Connecting for a Safer Digital Future” which aims to highlight the importance of secure, phishing-resistant authentication methods, specifically focusing on FIDO standards and passkeys. The summit will bring together various industry leaders, cybersecurity experts, and government representatives from the region to discuss the latest developments and share best practices and success stories. Attendees can expect insightful keynote presentations, engaging panel discussions, comprehensive technical workshops, and ample networking opportunities.

“The FIDO Alliance is excited to host its first Asia-Pacific Summit 2023 in Vietnam. Around the globe, we are witnessing an increasing number of cyberattacks and scams stemming from weak or stolen credentials — and this is no different in the APAC region. Fortunately, there has been a steady momentum toward adopting passkeys based on phishing-resistant, FIDO authentication by organizations here to combat these threats,” said Andrew Shikiar, executive director of the FIDO Alliance. “Through this summit, we hope to facilitate knowledge sharing in the various areas of authentication, and we encourage anyone interested to learn more to join us.”

Deputy Minister of Vietnam’s Ministry of Information and Communications, Nguyen Huy Dung, said, “We are delighted to take part in organizing this event.” He emphasized, “We fully endorse the adoption of passwordless authentication technology to secure Vietnam’s digital economy.” He continued, “Our aspiration is to foster connections and collaborations with the FIDO Alliance and other APAC region countries for a safer digital future.”

The conference will feature more than 25 VIP guests and speakers from the APAC region, with over 300 attendees expected. Key summit speakers this year include member companies from the FIDO Alliance, such as VinCSS, Google, Mastercard, Samsung Electronics, NTT Docomo, SK Telecom, SecureMetric, AirCuve, ETDA and Thales, among many others.

About the FIDO Alliance

PR Contact

press@fidoalliance.org 

APAC Media Contact

Evelyn Owen & Farah Aqilah

FINN Partners on behalf of FIDO Alliance

yingFIDO@finnpartners.com

+65 9109 6954

The post FIDO Alliance Opens Registration for Its First-Ever Asia-Pacific Summit 2023 in Vietnam appeared first on FIDO Alliance.

heise online: Passwordless login: Apple ID automatically receives a passkey from iOS 17

Lori Glavin — Wed, 21 Jun 2023 19:37:05 +0000

Apple is pushing the Passkey train, which is intended to replace passwords. The passkey setup for iCloud & Co takes place automatically in Apple operating systems.

The post heise online: Passwordless login: Apple ID automatically receives a passkey from iOS 17 appeared first on FIDO Alliance.

Route Fifty: Passwordless security gains ground

Lori Glavin — Wed, 21 Jun 2023 19:33:52 +0000

In what it called the “beginning of the end of the password,” Google last month began rolling out its own passkeys, an effort that could help agencies go passwordless and embrace a “zero trust” approach with layers of authentication required. Google’s move could create a “positive snowball effect” away from passwords, said Andrew Shikiar, executive director of the FIDO Alliance, which works to develop open authentication standards.

The post Route Fifty: Passwordless security gains ground appeared first on FIDO Alliance.

Updated FIDO Alliance Specifications Adopted as ITU International Standards

Lori Glavin — Fri, 16 Jun 2023 12:43:19 +0000

MOUNTAIN VIEW, Calif., June 16, 2023 – The FIDO Alliance announced today that two of its specifications, FIDO UAF 1.2 and CTAP 2.1, are recognized as international standards by the International Telecommunication Union’s Telecommunication Standardization Sector (ITU-T). This milestone establishes these standards as official ITU standards (ITU-T Recommendations) for the global infrastructure of information and communication technologies (ICT).

ITU-T is the standardization arm of ITU, the United Nations specialized agency for ICT. The FIDO Alliance specifications were approved as official ITU-T Recommendations by ITU members including national administrations and the world’s front-running ICT companies. The new ITU-T Recommendations are under the responsibility of ITU’s standardization expert group for security, ITU-T Study Group 17.

“The FIDO Alliance is improving online authentication through open standards based on public key cryptography that make authentication stronger and easier to use than passwords or one-time passcodes. One of the ways that we fulfill this mission is by submitting our mature technical specifications to internationally recognized standards groups like ITU-T for formal standardization,” said David Turner, senior director of standards development at the FIDO Alliance. “This recognition from ITU-T illustrates the maturity of FIDO authentication technology and complements our web standardization work with the World Wide Web Consortium (W3C).”

“Predecessors of these FIDO UAF and CTAP specifications were first adopted as ITU standards in 2018. ITU-T Study Group 17 will continue to strengthen its collaboration with the FIDO Alliance. These two FIDO Alliance specifications, adopted as ITU standards recently, are being widely used in various industries such as the financial sector to provide strong online authentication based on public key cryptography and various user verification methods,” said Heung Youl Youm, Chairman of ITU-T Study Group 17. “These new ITU standards will provide a concrete basis for the two FIDO specifications to be adopted across the 193 ITU Member States.”

“Our working group within ITU-T Study Group 17 was pleased to be able to collaborate with the FIDO Alliance to promote the standardization of state-of-the-art security technologies,” said Abbie Barbir, Rapporteur for ITU-T’s working group on ‘Identity management and telebiometrics architecture and mechanisms’ (Q10/17). “This work will help address and solve the security limitations of passwords and move the world closer to passwordless solutions.”

The specifications that are now ITU-T Recommendations are:

FIDO UAF 1.2 (Recommendation ITU-T X.1277.2). A mobile standard providing authentication without passwords by using biometrics and other modalities to authenticate users to their local device.
CTAP 2.1 (Recommendation ITU-T X.1278.2). Part of FIDO2 specifications along with the W3C Web Authentication standard, allows the use of external authenticators (FIDO Security Keys, mobile devices) for authentication on FIDO2-enabled browsers and operating systems over USB, NFC, or BLE for a passwordless, second-factor or multi-factor authentication experience.

For more information on the FIDO Alliance and FIDO authentication, visit http://www.fidoalliance.org.

For more information on ITU-T SG 17 visit https://www.itu.int/en/ITU-T/studygroups/2022-2024/17/Pages/default.aspx.

About the FIDO Alliance

About ITU-T SG 17

The ITU Telecommunication Standardization Sector (ITU-T) is one of the three Sectors (branches) of the International Telecommunication Union (ITU). It is responsible for coordinating standards for telecommunications and Information Communication Technology such as X.509 for cybersecurity, Y.3172 and Y.3173 for machine learning, and H.264/MPEG-4 AVC for video compression, between its Member States, Private Sector Members, and Academia Members.

FIDO Alliance Contact
press@fidoalliance.org

ITU Contact
tsbsg17@itu.int

The post Updated FIDO Alliance Specifications Adopted as ITU International Standards appeared first on FIDO Alliance.

PNC Uses FIDO Authentication to Reduce Security Risks, Improve User Experience

Lori Glavin — Wed, 14 Jun 2023 14:31:21 +0000

Why PNC Opted for FIDO

Security is of critical importance to PNC and its customers. PNC’s approach to provide digital services is founded on a strong commitment to privacy protection to those who use its services. Multi-factor authentication is a key component to protecting customer identities and data, and FIDO’s standard helped provide a roadmap to implementation.

As a result, PNC has been able to provide customers authentication options that are easy to use but still afford consistency in terms of protection. This translates into high-quality identity assurance to verify and validate that the right customer is enrolled and minimize the risk of impersonation.

“We needed to find a way to create a user-friendly mechanism to improve customer security without creating a burdensome process that required so many steps that it dissuaded customers from enrolling or engaging,” said Susan Koski, Chief Information Security Officer at PNC.

Benefits Realized

By using FIDO standards, PNC has been able to manage the authentication experience in such a way that it leverages the security features of a customer’s device, applying industry best practices for designing this identity protection mechanism. Ultimately, FIDO standards have been a core component to PNC’s cybersecurity strategy to minimize the risk of authorized access to customer credentials.

“We continue to identify ways to improve security for our customers, ultimately reducing the reliance on passwords and other phishable credentials from our ecosystem is a critical aspect to protecting our customers” Koski said.

OVERVIEW

PNC Financial Services is a coast-to-coast franchise with an extensive retail branch network and a presence in the country’s 30 largest markets. As one of the largest diversified financial services institutions in the United States and across four strategic international offices, PNC provides retail banking, corporate and institutional banking, and asset management. In a rapidly changing financial industry, PNC is focused on providing control and functionality that customers want – in a secure environment. To advance this goal, PNC has implemented FIDO authentication in specific use cases to help reduce security risks and improve user experience.

PNC Bank, National Association, is a member of The PNC Financial Services Group, Inc. (NYSE: PNC). PNC is one of the largest diversified financial services institutions in the United States, organized around its customers and communities for strong relationships and local delivery of retail and business banking including a full range of lending products; specialized services for corporations and government entities, including corporate banking, real estate finance and asset-based lending; wealth management and asset management. For information about PNC, visit www.pnc.com.

Download the PNC Bank Case Study

The post PNC Uses FIDO Authentication to Reduce Security Risks, Improve User Experience appeared first on FIDO Alliance.

FIDO Alliance Opens Registration for Authenticate 2023

Lori Glavin — Tue, 06 Jun 2023 11:59:13 +0000

Conference to feature expert-driven content on replacing passwords with passkeys; early bird discounts available through August 18

CARLSBAD, Calif., June 6, 2023 — The FIDO Alliance is pleased to announce registration is now open for Authenticate, the only industry conference dedicated to all aspects of user authentication – including a focus on passkeys and related FIDO-based solutions. Authenticate will be held October 16-18, 2023 at the Omni La Costa Resort & Spa in Carlsbad, CA, just north of San Diego – with virtual attendance options also available.

To register, visit https://authenticatecon.com/event/authenticate-2023/. Early bird registration discounts are available through August 18.

Aimed at CISOs, security strategists, enterprise architects, and product and business leaders, this is the fourth consecutive year that the FIDO Alliance is hosting the public conference. The annual event is specifically designed to share education, tools, and best practices for modern authentication across web, enterprise, and government applications.

“Passkeys are the hottest topic in digital identity and authentication as the world accelerates its efforts to put passwords in the rear-view mirror,” said Andrew Shikiar, executive director and CMO of FIDO Alliance. “Authenticate has rapidly established itself as a must-attend event for those interested in learning about how to apply passkeys and other cutting-edge authentication solutions to their business. Between the dozens of sessions and countless networking opportunities, Authenticate attendees will come away from this year’s conference with actionable insights to help accelerate their companies’ transition to a password-free future.”

Last year’s conference sold out for in-person attendance, welcoming over 950 total attendees in Seattle and remotely. The event featured more than 100 sessions with highly engaging content, plus a sold-out exhibit area with 30 industry-leading exhibitors and sponsors.

Authenticate 2023 will build upon this strong foundation and feature detailed case studies, technical tutorials, expert panels, and hands-on lab sessions aimed at helping educate attendees on business drivers, technical considerations, and overall best practices for deploying modern authentication systems. The full 2023 agenda will be published later this month. Attendees benefit again from a dynamic expo hall and engaging networking opportunities.

Sponsorship Opportunities at Authenticate 2023

Authenticate 2023 is accepting applications for sponsorship, offering a wide range of opportunities to provide broader brand exposure, lead-generation capabilities, and a variety of other benefits for both on-site and remote attendees. To learn more about sponsorship opportunities, please view the prospectus.

Sponsorship requests will be filled on a first-come, first-served basis; requests for sponsorship should be sent to authenticate@fidoalliance.org.

Signature sponsors for the 2023 event are 1Password, Google, Microsoft, and Yubico.

About Authenticate

Hosted by the FIDO Alliance, Authenticate is the industry’s only conference dedicated to all aspects of user authentication – including a focus on passkeys and FIDO-based solutions. It is the place for CISOs, business leaders, product managers, security strategists and identity architects to get all of the education, tools and best practices to roll out modern authentication across web, enterprise and government applications.

Authenticate 2023 will be held October 16-18, 2023 and will be co-located with the FIDO Alliance’s member plenary (running October 17-19) at the Omni La Costa Resort & Spa in Carlsbad, CA, just north of San Diego, with a bigger footprint for more attendees, sessions for all levels, a larger expo hall for companies bringing passwordless to fruition, and added opportunities for networking with your peers.

Whether you are new to FIDO, in the midst of deployment or somewhere in between, Authenticate 2023 will have the right content – and community – for you.

Visit www.authenticatecon.com for more information and follow @AuthenticateCon on Twitter. To receive updates about Authenticate events, sign up for the newsletter.

Authenticate Contact

authenticate@fidoalliance.org

PR Contact

press@fidoalliance.org

The post FIDO Alliance Opens Registration for Authenticate 2023 appeared first on FIDO Alliance.

Axiad Blog: FIDO Series Part 1: What is FIDO Passkey and Why is it Important?

Lori Glavin — Fri, 02 Jun 2023 18:01:39 +0000

Cybercrime is an enormous problem in today’s world and continues to grow at an exponential rate. In fact, according to Cybersecurity Ventures, the cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to a whopping $10.5 trillion by 2025.

One of the main enablers for the escalation in cybercrime is the over-reliance on passwords. According to the FIDO (Fast Identity Online) Alliance, passwords are the root cause of more than 80% of data breaches. This is because passwords can easily be phished, intercepted in transit, and uncovered via a variety of attacks. Further, users are often overburdened with remembering passwords across, on average, 90 different online accounts. It’s no surprise then that 51% of people re-use non-complex passwords across multiple accounts. As a result, weak or re-used passwords are effortlessly accessed by criminals. So, rather than execute complex hacks, threat actors simply log in to accounts to execute cybercrimes. The good news is, there is a better way: passwordless authentication, also known as phishing-resistant Multi-Factor Authentication (MFA).

The post Axiad Blog: FIDO Series Part 1: What is FIDO Passkey and Why is it Important? appeared first on FIDO Alliance.

heise: Password: goodbye

Lori Glavin — Fri, 02 Jun 2023 16:13:38 +0000

Passkeys could replace the password. You are safe and the technology is in almost all operating systems and browsers. Now the providers are in demand.

The post heise: Password: goodbye appeared first on FIDO Alliance.

PYMNTS: Delegated authentication helps speed the shift to passwordless future

Lori Glavin — Fri, 02 Jun 2023 16:12:31 +0000

According to Jonathan Van der Merwe, group lead product manager at Entersekt, one of the biggest stumbling blocks toward a passwordless future is the technological and behavioral hesitations that come with it. Van der Merwe suggests that moving away from static passwords toward one-time passwords (OTPs), in-app authentication and fast identity online (FIDO) is the way forward. “Moving on to newer technologies like FIDO, which allows for federated authentication ID within the application that you’re using to authenticate yourself, is effectively using the application using your device, whether that’s a laptop, a PC, or a mobile device,” he told PYMNTS.

The post PYMNTS: Delegated authentication helps speed the shift to passwordless future appeared first on FIDO Alliance.

The Federal: Explainer: What are passkeys, how to get them, why they’re safer than passwords

Lori Glavin — Fri, 02 Jun 2023 16:10:58 +0000

Goodbye passwords, passkeys are here. Passwords are all set to be deleted and relegated into the recycle bin, as a more secure alternative has now been developed. Known as ‘passkeys’, they are the new more convenient and safer way to sign into your accounts across all your computing devices, including smartphones, sans your password.

The post The Federal: Explainer: What are passkeys, how to get them, why they’re safer than passwords appeared first on FIDO Alliance.

DocuSign Blog

Lori Glavin — Fri, 02 Jun 2023 16:09:07 +0000

Passkeys are the next evolution of login credentials. They replace hard-to-remember passwords and verify anyone’s identity with biometric information, providing an easier and more secure way to access apps and websites. Thanks to our partnership with Google, DocuSign customers can now take a step toward a passwordless future by using passkeys to log in on mobile devices and web browsers.

The post DocuSign Blog appeared first on FIDO Alliance.

Leaders: The slow phaseout of passwords

Lori Glavin — Fri, 02 Jun 2023 16:07:44 +0000

On the dark web, cybercriminals have developed markets where passwords are bought and sold. Ransomware attacks are often performed using stolen passwords, Axios reports. Passkeys are generally considered more secure than passwords because hackers would need both the user’s information and the information from the company. If 1Password’s beta testing is successful, its current business model will fade into obscurity, and modern-day passwords will be a relic of a past, less secure age.

The post Leaders: The slow phaseout of passwords appeared first on FIDO Alliance.

Security Brief: The FIDO Alliance releases UX guidelines all about passkeys

Lori Glavin — Fri, 02 Jun 2023 16:05:11 +0000

The FIDO Alliance has released new user experience (UX) guidelines to help accelerate deployment and adoption of passkeys. The FIDO Alliance UX Guidelines for Passkey Creation and Sign-ins aim to help online service providers design a better, more consistent user experience when signing in with passkeys, the company states.

The post Security Brief: The FIDO Alliance releases UX guidelines all about passkeys appeared first on FIDO Alliance.

SC Media: New passkey milestones ‘ready for prime time,’ says FIDO Alliance leader

Lori Glavin — Fri, 02 Jun 2023 16:02:40 +0000

At the 2023 Identiverse conference, the nonprofit standards organization FIDO Alliance unveiled its new user experience guidelines for passkeys, which are generated and stored securely on users’ devices after those individuals register for a web application or service via their biometric data or a PIN. Among the various benefits: Users do not have to remember any credentials, nor are they prone to losing them via phishing scams. Moreover, passkeys can be synched across multiple user devices without having to re-enroll each time.

The post SC Media: New passkey milestones ‘ready for prime time,’ says FIDO Alliance leader appeared first on FIDO Alliance.

FIDO Alliance Publishes Research-backed Guidelines for Optimizing User Sign-in Experience with Passkeys

Lori Glavin — Tue, 30 May 2023 22:24:52 +0000

LAS VEGAS, Nev., May 31, 2023 – The FIDO Alliance today released new user experience (UX) guidelines to help accelerate deployment and adoption of passkeys.

The FIDO Alliance UX Guidelines for Passkey Creation and Sign-ins aim to help online service providers design a better, more consistent user experience when signing in with passkeys. The guidelines are available at https://fidoalliance.org/ux-guidelines/.

Based on FIDO standards, passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. While far easier and more secure than passwords and legacy forms of 2FA, the research performed for these guidelines found that passkey sign-ins present a distinct user journey that service providers need to consider before providing passkey support. The FIDO Alliance UX Guidelines provide evidence-based best practices for key steps in the user journey for passkey creation and sign-in.

“As companies around the world accelerate their move toward passwordless authentication based on FIDO standards, the topic of user experience has risen to the forefront,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. “Passkeys uniquely can provide a phishing-resistant sign-in as well as a superior user experience which can drive top-line growth by enabling more seamless access to online services and engendering stronger brand affinity. We encourage online service providers to use these guidelines in their journey to rolling out passkeys to ensure a consistent, thoughtful, and simple user experience for their users.”

Passkeys are supported in the vast majority of consumer devices: Apple and Google have readied their operating systems for service providers to enable sign-ins with passkeys that sync across devices; Windows 10 and 11 have long supported device-bound passkeys in Windows Hello – and passkeys from iOS or Android devices can also be used to sign into sites in Chrome or Edge on Windows.

Many leading service providers including Google, PayPal, Yahoo! Japan, NTT DOCOMO, CVS Health, Shopify, Hyatt, Instacart, Robinhood, Mercari and Kayak are providing their customers with passkey sign-ins.

“When it comes to providing passkeys to consumers, technical implementation is only one piece of the puzzle,” said Kevin Goldman, chair of the FIDO Alliance UX Working Group and Chief Experience Officer at Trusona. “Simply put, the UX is a critical component in helping consumers adopt passkeys as a password replacement. These guidelines are a carefully researched set of best practices that will help online service providers design a better, more consistent user experience when signing in with passkeys and ultimately maximize adoption.”

The guidelines were created by the FIDO Alliance UX Working Group in partnership with usability research firm Blink UX – with added underwriting support from 1Password, Google, Trusona and US Bank. This group collectively conducted formal research of FIDO user journeys and actively engaged with FIDO Alliance stakeholders to establish these UX best practices.

Learn more about the FIDO UX Guidelines for Passkeys at Identiverse 2023

Attending Identiverse? Learn more about the guidelines today, May 31, during the session “Optimizing UX for Passkeys” at 2:00 pm PDT.

Attend the Webinar Series

The FIDO Alliance is hosting a three-part webinar series to educate on the findings and best practices developed through the intensive research for the UX guidelines for passkeys. Attendees will get actionable tools to accelerate and optimize deployments of passkeys for consumer sign-ins.

Webinars include:

10 UX Guidelines for Passkeys (June 13, 2023 at 10am PDT / 1pm EDT)
Driving Adoption of Passkeys with UX (June 20, 2023 at 10am PDT / 1pm EDT)
UX and Content Strategy Workshop for Passkeys (June 27, 2023 at 10am PDT / 1pm EDT)

About the FIDO UX Working Group

In order to accelerate adoption of FIDO solutions and achieve the FIDO Alliance’s vision of helping reduce the world’s overreliance on passwords, the UX Working Group (UXWG) serves as subject matter experts and internal advisors within the FIDO Alliance on issues related to usability and UX. The FIDO Alliance UXWG is composed of 79 product, design, accessibility, marketing and technical leaders from 31 diverse companies. A full list of members who contributed to this project can be found in the guidelines.

About the FIDO Alliance

Contact
press@fidoalliance.org

The post FIDO Alliance Publishes Research-backed Guidelines for Optimizing User Sign-in Experience with Passkeys appeared first on FIDO Alliance.

Security Intelligence: CISA, NSA Issue New IAM Best Practice Guidelines

Lori Glavin — Wed, 24 May 2023 15:55:56 +0000

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators. The most secure types of MFA include fast identity online (FIDO) and public key infrastructure (PKI).

The post Security Intelligence: CISA, NSA Issue New IAM Best Practice Guidelines appeared first on FIDO Alliance.

TechRadar.pro: Bitwarden now lets you create passkeys for your business apps

Lori Glavin — Fri, 19 May 2023 16:23:42 +0000

Bitwarden – in our view the best free password manager around – has announced Bitwarden Passwordless.dev, a toolkit to allow developers to integrate passkeys into consumer websites and enterprise applications.

The post TechRadar.pro: Bitwarden now lets you create passkeys for your business apps appeared first on FIDO Alliance.

Biometric Update: Consumers ready for passwordless technology and prefer biometrics; FIDO Alliance report

Lori Glavin — Fri, 19 May 2023 16:21:59 +0000

FIDO Alliance has published a report examining how the behavior, patterns and adoption of authentication technologies reflect the consumers’ readiness for passwordless technologies.

The post Biometric Update: Consumers ready for passwordless technology and prefer biometrics; FIDO Alliance report appeared first on FIDO Alliance.

The Verge: 1Password is finally rolling out passkey management

Lori Glavin — Fri, 19 May 2023 16:18:36 +0000

1Password customers are finally gaining partial access to the passwordless future we’ve been promised. Starting from June 6th this year, anyone with a 1Password account will be able to use it to save and manage their passkeys — a biometric-based login technology that allows users to ditch passwords in favor of their device’s own authentication. To access the open beta, you’ll need to download the 1Password beta browser extension for Safari, Firefox, or Chromium-based browsers (which include Chrome, Edge, Arc, and Brave). Support for passkeys on mobile is still in development and unavailable at this time.

The post The Verge: 1Password is finally rolling out passkey management appeared first on FIDO Alliance.

PC Mag: How to Set Up Passkeys for Your Google Account

Lori Glavin — Fri, 19 May 2023 16:15:21 +0000

Passkeys are easier to use and more secure than passwords, but getting started with them isn’t simple. We tell you how to set up and use passkeys for Google on all your devices.

The post PC Mag: How to Set Up Passkeys for Your Google Account appeared first on FIDO Alliance.

Fintech Finance News: Virtual Arena: Authentication in the World of Payments

Lori Glavin — Fri, 19 May 2023 16:14:10 +0000

Welcome back to another insightful Virtual Arena from FF News! In today’s episode, we’ll be taking a deep dive into the payments industry. As alternative payment methods and technologies continue to rise in prominence all over the world, the challenge of verifying the legitimacy of those payments only continues to grow. Today, we’ll be facing that challenge head-on with an in-depth discussion about authentication in the world of payments.

For this conversation, FF News’ Douglas Mackenzie is joined by Quentin Stephen of Giesecke + Devirent, Linda Weston of Barclaycard Payments and Andrew Shikiar of FIDO Alliance.

The post Fintech Finance News: Virtual Arena: Authentication in the World of Payments appeared first on FIDO Alliance.

Ars Technica: Passkeys may not be for you, but they are safe and easy—here’s why

Lori Glavin — Fri, 19 May 2023 16:12:41 +0000

My recent feature on passkeys attracted significant interest, and a number of the 1,100-plus comments raised questions about how the passkey system actually works and if it can be trusted. In response, I’ve put together this list of frequently asked questions to dispel a few myths and shed some light on what we know—and don’t know—about passkeys. This FAQ will be updated from time to time to answer additional questions of merit, so check back regularly. This author will not be monitoring or responding to comments going forward but can still be contacted through email.

The post Ars Technica: Passkeys may not be for you, but they are safe and easy—here’s why appeared first on FIDO Alliance.

IT Brew: At RSA, passkeys have the buzz

Lori Glavin — Fri, 19 May 2023 16:10:44 +0000

Google announced in early May that the company is moving accounts over to passkeys, a major move forward in the journey to a passwordless future.

The post IT Brew: At RSA, passkeys have the buzz appeared first on FIDO Alliance.

Video: FIDO Alliance Webinar: How to use FIDO with the EUDI Wallet

Lori Glavin — Thu, 18 May 2023 16:21:26 +0000

The EU Digital Identity (EUDI) Wallet, which is a core component of the emerging eIDAS2 regulation, is an area where the FIDO Alliance can provide support through its standards and credentials on authentication. The FIDO Alliance European Working Group and its EUDI Wallet subgroup have been actively supporting the EUDI Wallet initiative since 2021. This FIDO Alliance webinar will describe the FIDO EUDI Wallet subgroup and the potential technical solutions where FIDO may be used as an authentication standard for the EUDI Wallet.

The presentation covered the following FIDO use cases for the EUDI Wallet:

Enrollment of Person Identification Data to the EUDI Wallet with FIDO based eIDs
Issuance of (Qualified) Electronic Attested Attributes with FIDO based eIDs
The ISO 18013-5 mobile driving license
PSD2 Strong Customer Authentication
Access to remote QSCDs via the Cloud Signature Consortium API
Access to cloud wallets, such as the Findy Agency web wallet

Presenters included:

Rayissa Armata, senior head of regulatory affairs, IDnow
Sebastian Elfors, senior architect, IDnow
Megan Shamas, senior director of marketing, FIDO Alliance

The post Video: FIDO Alliance Webinar: How to use FIDO with the EUDI Wallet appeared first on FIDO Alliance.

Wired: The war on passwords enters a chaotic new phase

Lori Glavin — Tue, 16 May 2023 15:32:35 +0000

There was never a question that it would take years to transition the world away from passwords. The digital authentication technology, though deeply flawed, is pervasive and inveterate. Over the last five years, though, the secure-authentication industry association known as the FIDO Alliance has been making real progress promoting “passkeys,” a password-less alternative for signing into applications and websites.

The post Wired: The war on passwords enters a chaotic new phase appeared first on FIDO Alliance.

The Verge: 1Password is finally rolling out passkey management

Lori Glavin — Tue, 16 May 2023 15:31:21 +0000

1Password customers are finally gaining access to the passwordless future we’ve been promised. Starting from June 6th this year, anyone with a 1Password account will be able to save and manage their passkeys — a biometric-based login technology that allows users to ditch passwords in favor of their device’s own authentication.

The post The Verge: 1Password is finally rolling out passkey management appeared first on FIDO Alliance.

SC Magazine: The 2023 Identiverse Trends Report

Lori Glavin — Tue, 16 May 2023 15:30:30 +0000

Safety and security have long been at the heart of identity and access management, and indeed the trends report states that “indications are that there will be a renewed focus on access control, entitlements, and permissioning over the next few years.” In keeping with the trend of the death of passwords equaling better authentication, the Identiverse report also celebrates the deployment of passkeys, the Apple-Google-Microsoft system that lets you log into websites with a smartphone instead of a password. We ourselves have had some trouble using passkeys — and the report hints at “the successes and learnings of early deployments” — but there’s no denying that passkeys will be a major step toward a passwordless future.

The post SC Magazine: The 2023 Identiverse Trends Report appeared first on FIDO Alliance.

Find Biometrics: Identity News Digest

Lori Glavin — Tue, 16 May 2023 15:29:17 +0000

About 57 percent of US consumers expressed interest in using passkeys to replace passwords, according to new survey data from the FIDO Alliance. According to FIDO Executive Director and CMO Andrew Shikiar, that points to rapidly growing excitement, given that only 39 percent of survey respondents said they were familiar with the passkey concept in a FIDO survey released last October. Passkeys essentially store complex passcodes for a user’s various online accounts on their mobile device, locking them behind a PIN or biometric scan. Google recently launched passkey support for its own Account login process, garnering considerable media attention in the process.

The post Find Biometrics: Identity News Digest appeared first on FIDO Alliance.

PC Mag: How to set up passkeys for your Google account

Lori Glavin — Tue, 16 May 2023 15:27:14 +0000

Passkeys are intended to be more secure and easier to use than passwords. Instead of typing in a password (or letting a password manager do it) and verifying with a multi-factor authentication method, passkeys only require a trusted device and either biometric or PIN verification. Part of why passkeys seem likely to replace passwords is that they’re designed by a consortium called the FIDO Alliance and championed by Apple, Google, and Microsoft. These three companies have already baked support for passkeys into their browsers and ecosystems, which means that for the first time, there’s a viable alternative to passwords. That said, passkeys have yet to see widespread adoption.

The post PC Mag: How to set up passkeys for your Google account appeared first on FIDO Alliance.

The Wall Street Journal: Hate passwords? It’s time to try passkeys

Lori Glavin — Tue, 16 May 2023 15:17:56 +0000

I no longer need a password to sign into Google. From now on, it’s “Adios, passwords…Hello, passkeys!” Sort of. This new form of login is like a digital lock and key. For sites and apps run by financial institutions and other slower-moving, ultracareful services, the shift will take more time, said Andrew Shikiar. He’s executive director of the FIDO Alliance, which creates the standards for online authentication technology such as passkeys. But there are already dozens of services where you can use passkeys to sign in.

The post The Wall Street Journal: Hate passwords? It’s time to try passkeys appeared first on FIDO Alliance.

An Inflection Point in the Journey to Passwordless

Lori Glavin — Thu, 04 May 2023 11:53:31 +0000

Andrew Shikiar, FIDO Alliance Executive Director & CMO

Yesterday, Google announced support for simple and secure sign-ins with passkeys for all Google Account users. This is a huge milestone in our journey towards a passwordless future. Why?

It’s been only a year since Apple, Google and Microsoft announced their commitment to passkeys with plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. Since then, Apple and Google have readied their operating systems for service providers to enable sign-ins with passkeys that sync across devices; Windows 10 and 11 have long supported device-bound passkeys in Windows Hello – and passkeys from iOS or Android devices can also be used to sign into sites in Chrome or Edge on Windows.

Additionally, service providers like PayPal, Yahoo! Japan, NTT DOCOMO, CVS Health, Shopify, Mercari, Kayak, SK Telecom and more are committed to or already providing passkey sign-ins. Google now joins them, and will serve as a great way for large swathes of consumers to become familiar with passkeys, while also helping accelerate deployments from other service providers.

Consumer Readiness On the Rise
The growing number of service providers supporting passkeys matches a growth in consumer awareness and readiness.

According to a new survey released today by FIDO Alliance, over 57% of U.S. consumers said they are interested in using passkeys to replace passwords, compared with 39% who said they were familiar with the concept of passkeys in FIDO’s 2022 Online Authentication Barometer, released in October 2022.

Recovering or resetting passwords is one of the many hassles that consumers face. Only 9% of those surveyed report that they never need to recover their password – with 13% having to recover passwords daily or several times per week and nearly 60% reporting several password resets per quarter. It is little wonder then that 29% of consumers prefer signing in with biometrics (e.g. fingerprint or face scan) versus 19% who prefer to enter a password manually.

Passkeys are resistant to threats of phishing, credential stuffing and other remote attacks often used to take over online accounts. Based on the survey, approximately 65% of people who prefer to use biometrics to sign in would be interested in using a passkey and nearly half (45%) of people who prefer to use passwords to sign in would be interested in using a passkey. This is another clear signal telling us that consumers want less friction and greater ease of signing into their online accounts.

Passwords Create More Friction for Online Transactions

Consumers are tired of the hassle and complexity of passwords and are ready to embrace passkey sign-ins, which enable them to access online services simply and securely. Passkeys can help reduce shopping cart abandonment and turn the tide against the ongoing plague of data breaches and identity theft.

In addition to security implications, passwords continue to be costly for online retailers – according to the survey, nearly 60% of consumers said they have abandoned their carts due to a forgotten password in the past six months.

Simply put, passkeys stand to dramatically improve consumers’ online shopping experiences – as well as their service providers’ bottom lines.

Perceived Password Risk
Despite the large number of breaches and warnings, many consumers maintain poor password hygiene, unmoved by the risks passwords pose to their digital lives. According to the survey, 70% of people use passwords that are at least one year old. Despite the known risks of phishing attacks and other security breaches, the survey shows that 21% of respondents believe entering their password manually is the most secure authentication method.

Nearly 60% said they would not pay for increased security measures or official verification on social media platforms. Earlier this year, Twitter warned users they would lose the ability to secure access to their account via text message two-factor authentication unless they pay to subscribe to Twitter Blue. It seems clear from this data that consumers would naturally look to passkeys as a seamless and secure alternative.

To review the FIDO Alliance’s full survey results, click here.

What’s next?
Both the data and the increasing number of organizations rolling out passkeys shows that the future of authentication is here. But this does not mean the work is done. The FIDO Alliance and its members continue to iterate to improve the experience of passkeys. Be on the lookout for upcoming UX research and guidelines to further increase the adoption and usability of passkeys. The FIDO Alliance is also continuing to provide education, UX guidance, adoption perspectives and more through upcoming industry events. Attend our sessions at Identiverse and be sure to attend the FIDO Alliance’s conference, Authenticate, in Carlsbad, CA (or virtually) on October 16-18, 2023.

The post An Inflection Point in the Journey to Passwordless appeared first on FIDO Alliance.

Wired: Google is rolling out password-killing tech to all accounts

Lori Glavin — Wed, 03 May 2023 20:34:18 +0000

Google’s announcement of its passkey rollout comes on the eve of World Password Day on Thursday. But passkey proponents are ramping up their efforts to make the occasion obsolete.

“Eventually, it’s going to be like World Horse and Buggy Day, I think,” Shikiar says. “For the time being, it’s a good reminder of the challenge we have to get rid of passwords.”

The post Wired: Google is rolling out password-killing tech to all accounts appeared first on FIDO Alliance.

Video: Stronger Authentication; Stronger Identities: The State of the Industry’s Path to Passwordless

Lori Glavin — Mon, 01 May 2023 22:19:33 +0000

FIDO Alliance at Identity Management Day 2023

Everyone agrees it’s time to kill the password to better the overall identity ecosystem, but the question of “with what” makes things a bit trickier. FIDO Authentication standards are touted by the public and private sectors as the best tools to get us there.

This presentation will help you to understand the importance of the authentication piece of the identity puzzle, find out about the latest trends and standards for simpler and stronger authentication, and learn what we all need to do to reduce the world’s reliance on passwords on a global scale.

Speaker: Andrew Shikiar, Executive Director and CMO, FIDO Alliance

The post Video: Stronger Authentication; Stronger Identities: The State of the Industry’s Path to Passwordless appeared first on FIDO Alliance.

PC Mag: Misinformation, MFA Doubts, and AI: Everything We Saw at RSAC 2023

Lori Glavin — Mon, 01 May 2023 17:31:22 +0000

The RSA Conference further proved that passwords are a problem. The solution, we’re told, lies in using Passkeys, or cryptographic credentials that securely authenticate individuals without usernames or passwords and have multi-factor authentication (MFA) built-in. Several sessions at RSAC focused on the benefit of Passkeys, while also taking a look at the challenges still ahead.

The post PC Mag: Misinformation, MFA Doubts, and AI: Everything We Saw at RSAC 2023 appeared first on FIDO Alliance.

CIO Review: Nok Nok Partners With Carahsoft to Provide Phishing-Resistant MFA Solutions to Federal, State and Local Government Agencies

Lori Glavin — Mon, 01 May 2023 14:14:36 +0000

Nok Nok, a leader in passwordless authentication for the world’s largest organizations, today announced a partnership with Carahsoft Technology Corp. The Nok Nok S3 Authentication Suite is the first passwordless authentication platform based on FIDO standards that includes full support for both device-bound and synced passkeys and compliance solutions

The post CIO Review: Nok Nok Partners With Carahsoft to Provide Phishing-Resistant MFA Solutions to Federal, State and Local Government Agencies appeared first on FIDO Alliance.

Wealth Management: The Financial Industry’s 10 Most-Common Passwords

Lori Glavin — Mon, 01 May 2023 14:13:07 +0000

A new analysis by password manager NordPass stresses that major companies open themselves up to security risks by using passwords that lack creativity. While password trends slightly vary each year across different audiences, the general take is that people continuously fail with their password management, and the world desperately needs to switch to new online authentication solutions such as passkeys. Various progressive businesses such as Google, Microsoft, Apple, PayPal, KAYAK and eBay have already adopted passkey technology and are offering their users password-less logins. It is thought that in no time at all, other online companies will start following this trend.

The post Wealth Management: The Financial Industry’s 10 Most-Common Passwords appeared first on FIDO Alliance.

Biometric Update: FIDO Alliance paper positions protocol for EU Digital Identity Wallet authentications

Lori Glavin — Mon, 01 May 2023 14:08:27 +0000

The EU Digital Identity Wallet represents a significant growth opportunity for FIDO authentication, according to a new white paper from the FIDO Alliance. The 45-page white paper on ‘Using FIDO for the EUDI Wallet’ was written by IDnow Senior Architect Sebastian Elfors from the proceedings of the FIDO subgroup on the EUDI Wallet to help government agencies weigh the use of FIDO for the EUDI Wallet under the eIDAS2 regulation.

The post Biometric Update: FIDO Alliance paper positions protocol for EU Digital Identity Wallet authentications appeared first on FIDO Alliance.

Dark Reading: Twitter’s 2FA is a call for passkey disruption

Lori Glavin — Fri, 21 Apr 2023 14:55:15 +0000

Despite exciting progress toward more secure and usable factors, the best MFA mechanism for consumers really isn’t MFA at all — it’s passkeys. Passkeys are a FIDO authenticator with the advantage of being backed up to the cloud, so if you lose your device or buy a new one, all you must do is sign into your iCloud or Google Play account to recover your passkeys. Passkeys use public key cryptography and device biometrics, making them resistant to many known attacks, and are easy for the user.

The post Dark Reading: Twitter’s 2FA is a call for passkey disruption appeared first on FIDO Alliance.

The Fintech Times: Are passwords a thing of the past? A passwordless future: 1Password Report

Lori Glavin — Fri, 21 Apr 2023 14:54:12 +0000

There is a strong appetite amongst consumers for easier-to-use login experiences; according to human-centric security and privacy company 1Password – which has released its ‘Preparing for a Passwordless Future’ report. Andrew Shikiar, executive director and CMO of the FIDO Alliance, said: “Passwordless technology brings great benefits for companies and their customers alike—making it easier to securely access online services while greatly reducing fraud and user frustration. This has been the mission of the FIDO Alliance since day one, with authentication experts from hundreds of companies, including 1Password, collaborating to make this vision a reality with passkey sign-ins.”

The post The Fintech Times: Are passwords a thing of the past? A passwordless future: 1Password Report appeared first on FIDO Alliance.

Wired: The war on passwords enters a chaotic new phase

Lori Glavin — Fri, 21 Apr 2023 14:51:46 +0000

Over the last five years, though, the secure-authentication industry association known as the FIDO Alliance has been making real progress promoting “passkeys,” a password-less alternative for signing into applications and websites.

The post Wired: The war on passwords enters a chaotic new phase appeared first on FIDO Alliance.

White Paper: Using FIDO for the EUDI Wallet

Lori Glavin — Thu, 20 Apr 2023 14:43:14 +0000

This white paper describes the eIDAS2 ecosystem and how to use the FIDO standard with the EU Digital Identity (EUDI) Wallet.

This white paper is aimed at governmental agencies that are interested in using FIDO for the EUDI Wallet according to the eIDAS2 regulation. The intended readers are project managers, technical experts, and developers.

The post White Paper: Using FIDO for the EUDI Wallet appeared first on FIDO Alliance.

The Green Sheet: Passwordless future within reach, experts say

Lori Glavin — Fri, 14 Apr 2023 15:50:39 +0000

FIDO Alliance held a virtual conference to assess recent advancement in creating simpler, stronger, authentication methods. The half-day event included panel discussions and fireside chats with experts from Google, Microsoft, Amazon and leading global brands that support FIDO’s mission to create secure, scalable alternatives to passwords. In opening remarks, Andrew Shikiar, executive director of FIDO Alliance, stated that FIDO deployments have helped companies reduce fraud, lower operational costs and boost employee productivity. He additionally noted that companies are looking at top-line benefits of getting users online faster with greater satisfaction and reduced shopping cart abandonment.

The post The Green Sheet: Passwordless future within reach, experts say appeared first on FIDO Alliance.

AARP: Fraud fighters are working to keep scam “epidemic” at bay

Lori Glavin — Fri, 14 Apr 2023 15:49:41 +0000

Impressive new technology to fight fraud is emerging from businesses. The tech industry association called the FIDO Alliance is working toward replacing passwords — a key vulnerability — with more secure technologies, including biometrics. Executive Director Andrew Shikiar says this could be done for most online passwords within five years.

The post AARP: Fraud fighters are working to keep scam “epidemic” at bay appeared first on FIDO Alliance.

Digital Transactions: Why the password is going extinct

Lori Glavin — Fri, 14 Apr 2023 15:48:46 +0000

Usernames and passwords have been the most common authentication method for digitally accessing an account. However, passwords are vulnerable to compromise through a variety of attack vectors. “Passwords are fundamentally flawed, because they can be hacked, forgotten, and stolen,” says Andrew Shikiar, executive director and chief marketing officer for the FIDO Alliance. “It’s also tough to enter passwords on keyboardless devices. Plus, more than 80% of data breaches can be tracked back to passwords.”

The post Digital Transactions: Why the password is going extinct appeared first on FIDO Alliance.

Futura Sciences: AI breaks most passwords in less than a minute: here are the ones that stand up

Lori Glavin — Fri, 14 Apr 2023 15:47:37 +0000

Researchers from the cybersecurity company Home Security Heroes have trained an AI to decipher millions of passwords. It took less than a minute to find most of them. But the AI stumbles for some passwords. Passkeys are a way to strengthen security.

The post Futura Sciences: AI breaks most passwords in less than a minute: here are the ones that stand up appeared first on FIDO Alliance.

Compare the Cloud: The passwordless future

Lori Glavin — Fri, 14 Apr 2023 15:46:43 +0000

It’s nearly two decades since Bill Gates predicted the passing of the traditional username and password, warning that this archaic security combo simply wasn’t up to the task of keeping information safe and secure in the long term. Passwords will not be around forever and if we are ever to get serious about cyber security and the protection of data, we have to find another way. That’s one of the main reasons why passwordless authentication is gaining so much popularity as a more secure and convenient alternative to traditional passwords. And it seems the industry agrees. Tech giants Apple, Google, and Microsoft announced last May that they would support FIDO2 — authentication specifications based on public key cryptography and international standards — to enable passwordless authentication across devices.

The post Compare the Cloud: The passwordless future appeared first on FIDO Alliance.

Recap: Authenticate Virtual Summit: Authentication in Financial Services and Commerce

Lori Glavin — Tue, 04 Apr 2023 14:31:24 +0000

By: FIDO Staff

Passwords are everywhere with both enterprises and e-commerce organizations feeling the pain as much, if not more, than most.

At the Authenticate Virtual Summit: Authentication in Financial Services and Commerce on March 29, industry experts and practitioners outlined The FIDO Fit for Enterprise and Customer Sign-ins. Throughout the half-day event, the topic of passkeys was a primary theme, with speakers outlining how they work, where they fit in and why they are essential to helping the world move away from legacy passwords and less secure multi-factor authentication.

Andrew Shikiar, executive director and CMO of the FIDO Alliance opened the event with some insights on the many positive benefits that passkeys can bring to enterprise and commerce users. Those benefits include helping users to get online faster with higher levels of satisfaction. Passkeys may also be able to help improve the bottom line for e-commerce vendors as well.

“If you’re an e-commerce vendor, imagine reducing the shopping cart abandonment rate by even 10%,” Shikiar said. “Our data shows that 50% of consumers that had to abandon a purchase in the past six months did so because they forgot your password and that’s a huge opportunity cost.”

While FIDO authentication has been available for anyone to use for over a decade, Shikiar noted that there have been some adoption challenges. Passkeys are, in part, a solution to some of those adoption challenges. With passkeys, there is a more recognizable set of common terminology and the technology also provides a familiar flow for users that aims to reduce friction.

In the enterprise, Shikiar said that passkeys are a very natural fit for things like BYOD [Bring Your Own Device] authentication, allowing employees to sign in with apps on their phones.

“This is becoming more the norm than the exception, and passkeys are just a very natural fit for that environment,” Shikiar said.

The State of Authentication 2023

Make no mistake about it, there are a lot of problems with passwords. To add some metrics to the argument against passwords, Jay Roxe, CMO at HYPR provided some insights from his firm’s State of Passwordless Security 2023 report.

Roxe noted that one of the things that really jumped out to him was that three out of five of the organizations that HYPR talked to for the report, had an authentication related breach over the past year. He added that each of those organizations had nearly $3 million dollars in costs associated with those breaches on a 12 month basis. Financial Services was the most highly attacked industry vertical with 81% of financial services organizations having recorded some type of attack or breach related to authentication.

The HYPR report also attempted to discover why organizations will move to deploy strong authentication passwordless approaches. Roxe emphasized that it’s critical to have a good user interface and flow, otherwise the technology won’t get adopted. In fact the report found the top reason why organizations are looking to adopt passwordless is to improve the user experience.

“Until we nail that user experience, we’re fundamentally not going to be any better off than we are today,” Roxe said.

Passkeys 101

Among the most interactive sessions of the event was one on the basics of how passkeys work, which kept moderator Megan Shamas, senior director of marketing at the FIDO Alliance very busy handling questions from the engaged audience at the end of the session.

The session actually got started with Tim Cappalli, identity standards architect at Microsoft outlining the historical path of FIDO standards. The big milestones along the path include the debut of the U2F specifications in 2014, FIDO2 in 2017, WebAuthn in 2019 and just last year the emergence of passkeys.

“It has been a journey,” Cappalli said. “We think that in the last two to three years, we really have been moving towards the last step to moving people beyond passwords.”

Cappalli outlined how passkeys works and what the primary advantages are for the approach. He explained that a passkey is fundamentally a FIDO credential with some new properties. Among the properties highlighted by Cappalli are:

Autofill. With Autofill, much like the experience users have today with a password manager, a passkey can be automatically injected into an authentication flow into existing websites.
Cross Device Authentication. Instead of a credential being tethered strictly to a single device, passkeys enable a credential to be durable across environments, enabling a phone for example to be able to bootstrap another device or ecosystem.

Championing FIDO adoption at scale

Few professionals have had as much experience deploying FIDO at scale as Marcio Mello, who has led efforts at PayPal, Intuit and eBay.

Mello outlined in great detail the steps that organizations can and should take to support FIDO strong authentication. In his view, the benefits are obvious.

“As soon as we could, we started doing WebAuthn deployment at eBay and saw the benefits almost immediately,” Mello said.

For Mello, passkeys are the next massive step forward as it’s an approach that will reduce consumer friction and hopefully enable adoption at scale. It is fundamentally the ease of use that passkeys promise that is literally the key.

“Consumers expect to see and use a password,” he said. “Yes, everybody’s tired of them, but it’s like smoking, most smokers would like to stop but they can’t, sure they know it’s bad, but you need to have the motivation and a very low bar of ability to be able to drive a habit change.”

FIDO and Zero Trust

In the security world, zero trust is an increasingly common concept that advocates an approach where users and entities need to be constantly validated to limit risks.

For Kurt Johnson, chief strategy officer at Beyond Identity, there is a clear intersection between FIDO authentication and zero trust. After all, a core foundation of zero trust is the need to constantly authenticate users and if organization’s aren’t using strong authentication, that’s a weak link.

Johnson said that with zero trust there is a need to assess and establish a high level of trust in the user identity. That just can’t be done effectively through passwords and that’s where there is a need for FIDO Certified authentication, that’s unphishable.

Helping Amazon’s drive to be customer-obsessed

Amazon operates one of the world’s largest e-commerce sites and it’s also a strong advocate and supporter of the FIDO Alliance.

Yash Patodia, principal product manager, tech, world wide consumer at Amazon said that his team is always looking to improve usability. One of the efforts to improve has been a move to remove passwords wherever possible. Patodia said that Amazon uses FIDO security keys for its own internal security which has worked well.

While security keys have worked for Amazon’s own internal needs, he noted that they can be difficult for consumers to adopt. That’s one of the many reasons why he’s particularly excited about passkeys.

“I think it’s a great leap forward from the password, OTP (one time passwords) and the security keys world,” Patodia said. “Some of the benefits I can see for passkey is that it really makes it very easy for the customer to use.”

Making it easier for consumers is critical for Amazon overall as it’s core to the company’s mission.

“We have this term at Amazon we use a lot called customer obsession,” Patodia said. “And this fits perfectly for us in that this is actually a customer obsessed product where we are making it very easy for the customer to do what they want to do.”

PNC BANK looks to protect its users with FIDO

Susan Koski, CISO of PNC Bank, knows all too well the challenges of password, that’s why she’s such a strong advocate and supporter of FIDO.

She noted that criminals are going after user passwords in a bid to take over accounts. Among the risks that she is trying to help limit is that of phishable credentials, such as passwords.

“We really do want to reduce those phishable credentials but we do it in a way that a customer wants to use the service,” Koski said. “Balancing security and the customer experience. I think that’s just been a mantra for us in information security in cyberspace for a while.”

Koski said that PNC Bank has embraced FIDO as a way to help move towards passwordless over time. The importance of taking a standardized approach that benefits from the support and participation of a broad array of participants is critical as well.

“Passwords have been around for 50 plus years and it’s time, it’s beyond time for us to move past passwords,” Koski said.

Enterprise guidance for passkeys is on the way

Looking forward, Megan Shamas of FIDO Alliance outlined a series of efforts that are underway to help provide more enterprise guidance for passkeys.

“We will be publishing a group of five papers that address what we hope to be the majority of the use cases that are out there on the enterprise,” Shamas said.

The five papers include:

Introduction to passkeys in the enterprise
How to replace password-only authentication with passkeys
How to displace password + SMS OTP authentication with passkeys
FIDO authentication for moderate assurance use
High Assurance Enterprise FIDO Authentication

“If you would like to be part of the conversation around enterprise requirements, please do get in touch with us,” Shamas said. “This is the time now really to give your input on how we’re looking at passkeys from an enterprise perspective.”

Registrants can now view the event recording online. If you missed the event and would like to view the recording, visit the event website to register for access.

The post Recap: Authenticate Virtual Summit: Authentication in Financial Services and Commerce appeared first on FIDO Alliance.

SK Telecom announces adoption of passkeys for online users in Korea

Lori Glavin — Sun, 26 Mar 2023 23:03:06 +0000

By Joon Hyuk Lee, APAC Market Development Director, FIDO Alliance

SK Telecom, a leading mobile phone service provider in Korea, is taking a big step forward in terms of user authentication by adopting passkeys for their online users.

Passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are always strong and phishing resistant. They eliminate the need for users to remember complex passwords and the authentication process is much faster. Passkeys are based on FIDO authentication, which is proven to be resistant to threats of phishing, credential stuffing and other remote attacks.

SK Telecom has introduced passkeys as a means of user authentication to PASS, their identity verification services with over 18 million users. Customers using iOS16 or higher devices can use the passkeys for PASS login, identity verification through PASS, and electronic signature. Depending on the device, user authentication is performed using Face ID and Touch ID. Android users can now use FIDO2 based authentication methods and perform authentication by utilizing screen locks (biometrics, PINs, patterns, etc.) provided by their devices. In the future, SK Telecom plans to make sign-ins with passkeys available to Android users as well. SK Telecom will introduce new user scenarios in a variety of ways to better protect customers’ assets and identity through the introduction of the passkeys.

[Passkey Registration Process on SK Telecom PASS]

SK Telecom Developed support for passkeys through cooperation with platform operators, and the FIDO authentication server for processing sign-ins with passkeys was developed by SK Telecom’s own technology. By actively introducing not only PASS but also various services provided by SK Telecom, they hope that many customers who use SK Telecom services will be able to use the service more conveniently and without worrying about security.

This deployment represents a new milestone in SK Telecom’s journey with FIDO. In 2019, during the FIDO Alliance Public Seminar in Korea, SK Telecom reported zero credential stuffing once the company adopted FIDO Authentication for internal usage. They also claimed that their FIDO-based biometric authentication reduced the average authentication time to less than 5 seconds, which previously took more than 30 seconds on average, when the internal users tried logging in with ID and passwords. It is great to see that they continue to innovate and now provide the benefits of FIDO Authentication to the general public.

Through this milestone, many users in Korea will be safe from various threats stemming from passwords, and SK Telecom’s movement as an innovator will have a positive impact on spreading password-less authentication not only in Korea but also globally.

To learn more about SK Telecom, please visit their corporate website. You can also download the PASS apps by visiting the App Store or Google Play.

The post SK Telecom announces adoption of passkeys for online users in Korea appeared first on FIDO Alliance.

Tech Radar: This identity management firm is the first big player to ditch passwords

Emiliano Borzelli — Fri, 24 Mar 2023 16:33:22 +0000

ForgeRock has become the first identity management platform to make the leap into the brave new world of passwordless security. ForgeRock has been implementing passwordless solutions for more than a decade in the consumer realm, and its Identity Platform has deployed passwordless solutions for mobile and web apps. The company already supports FIDO2 WebAuthn standards and passkeys, the foremost technologies currently used in passwordless authentication which are supported by big tech firms such as Apple, Google, Amazon and Meta.

The post Tech Radar: This identity management firm is the first big player to ditch passwords appeared first on FIDO Alliance.

WEB.de: AI fraud with a stolen voice

Emiliano Borzelli — Fri, 24 Mar 2023 16:32:14 +0000

Online providers need to check if and when they use convenient but technically easily surmountable authentication options. Strong access security is offered by the FIDO2 standard, for example, which even allows secure passwordless access.

The post WEB.de: AI fraud with a stolen voice appeared first on FIDO Alliance.

Blog NT: NordPass announces support for passkeys

Emiliano Borzelli — Fri, 24 Mar 2023 16:31:04 +0000

Passkeys are the future of digital security. Password managers such as 1Password, Dashlane and LastPass have already announced support for this new technology. NordPass joins this list this week with support for Passkeys in its application.

The post Blog NT: NordPass announces support for passkeys appeared first on FIDO Alliance.

Biometric Update: HYPR turns smartphones into FIDO2 virtual security keys for passwordless authentication

Emiliano Borzelli — Fri, 24 Mar 2023 15:24:17 +0000

Decentralized authentication firm HYPR has unveiled a new software tool that enables companies to use smartphones as FIDO2 virtual security keys for passwordless authentication.

Called Enterprise Passkeys for Microsoft Azure, the program supports integration with Microsoft Entra. It aims to provide the flexibility and security features of FIDO2 authentication while removing costs associated with hardware security keys.

The post Biometric Update: HYPR turns smartphones into FIDO2 virtual security keys for passwordless authentication appeared first on FIDO Alliance.

Beta Kit: How 1Password plans to build a passwordless future

Emiliano Borzelli — Fri, 24 Mar 2023 15:22:10 +0000

Now in a key 18-month window, 1Password plans to ramp up its shift to passkeys in 2023.

Big Tech companies have recently made headlines by pledging to move away from traditional passwords in favour of a more modern solution: passkeys. But for Anna Pobletts, the advent of passkeys is nothing new.

Two years ago, Pobletts co-founded and was CTO of Austin, Texas-based startup Passage, which focused on making the predecessor to passkeys, an API called WebAuthn, accessible to developers and businesses that were looking to implement passwordless authentication.

In only the second year of its existence, Passage caught the eye of another major player in the authentication space: 1Password, the password manager used by millions and one of Canada’s most valuable tech companies.

The post Beta Kit: How 1Password plans to build a passwordless future appeared first on FIDO Alliance.

Journal du Net: Digital accessibility: Why CIOs should make it a priority

Lori Glavin — Thu, 23 Mar 2023 13:10:01 +0000

In this byline, Andrew Shikiar explains how simple and safe digital accessibility is an essential human right today.

The post Journal du Net: Digital accessibility: Why CIOs should make it a priority appeared first on FIDO Alliance.

L’Eclaireur FNAC: How password managers are preparing for a future … without passwords

Lori Glavin — Thu, 23 Mar 2023 13:09:23 +0000

Passwordless authentication has the potential to continue to grow in 2023. In any case, the tech giants, Microsoft, Google and Apple in the lead, within the FIDO Alliance, are doing everything to ensure that the adoption happens as soon as possible. To quickly summarize what we had already explained previously, authentication without passwords, or passwordless , has, as its name suggests, the purpose of allowing you to connect to sites and services without passwords.

The post L’Eclaireur FNAC: How password managers are preparing for a future … without passwords appeared first on FIDO Alliance.