Ask FIDO About Anything: Certification

A look at trends in consumer authentication, including the growth of FIDO Authentication and how it complements adaptive authentication.

The document provides an overview and introduction to the Authenticate 2021 conference. It discusses the growing need for strong user authentication given increased cyberattacks. It summarizes the FIDO Alliance's work in developing open authentication standards like WebAuthn and U2F to enable simpler and more secure authentication using public key cryptography and moving away from password-based systems. The document outlines the growing adoption of FIDO standards by companies and devices. It previews sessions and speakers at the conference and next steps for the FIDO Alliance to further authentication security and adoption.

The Second Payment Services Directive (PSD2) and the associated Regulatory Technical Standards (RTS) on strong customer authentication and secure communication impose stringent requirements on multi-factor authentication and on the security of implementations. Payment Service Providers will want to know whether the authentication solutions they put in place conform to the RTS both in terms of functionality and security. The FIDO Alliance standards are based on multi-factor authentication and are a strong fit for PSD2 compliance. The FIDO Alliance’s certification program provides an independent evaluation of functional compliance to the standards as well as of the achieved level of security of FIDO authenticators. Featuring industry experts, this presentation explores how FIDO can resolve key issues, including: • How the FIDO standards conform to the RTS • How FIDO’s certification program guarantees this conformity • How FIDO’s certification program provides for the mandatory security evaluation imposed by the RTS

Executive Director and Chief Marketing Officer of FIDO Alliance, Andrew Shikiar updates viewers on the State of FIDO.

This presentation details the FIDO Alliance Certification Program - including an overview of the programs, process and the value of certification for both vendors and relying parties.

Presented at FIDO Authentication Seminar – Tokyo By: Anthony Nadalin, Chief Security Architect, Microsoft; Co-Chair, FIDO2 Technology Working Group

The document discusses mobile authentication and the growing market for connected devices. It summarizes Nok Nok Labs' solutions for securely authenticating users and devices using biometrics on mobile phones. Nok Nok Labs has provided mobile authentication solutions for major companies in financial services, IoT security, and mobile carriers to replace passwords with stronger authentication methods. The document highlights case studies of deployments and strategic partnerships with companies seeking more secure authentication for their customers and devices.

This document discusses passwordless authentication using FIDO implementations. It provides a baseline study examining FIDO U2F deployments across different platforms and products. The study found a lack of consistent terminology, authentication methods, and browser support across services. Consistent user experiences are important for consumer adoption of passwordless authentication. The solution needs to be more convenient than passwords while providing security that consumers understand and value.

A technical tutorial on deploying FIDO U2F specifications for security tokens for enterprise and consumer authentication.

This document discusses using FIDO authentication in mobile networks. It addresses why multi-factor authentication is important for security and usability. It develops a digital identity ecosystem centered around mobility, leveraging mobile network operator assets. It proposes implementing FIDO authentication to support use cases across various industries, making authentication more universal across devices. FIDO provides a complimentary, standards-based secure authentication solution for mobile network operators.

This document discusses lifecycle considerations for security key deployments. It covers account registration, device registration, and account recovery. For account recovery, it recommends using multiple security keys to allow for self-recovery. It also recommends expanding existing identity proofing mechanisms used during initial registration to be used during account recovery. The document discusses both self-service and assisted account recovery options.

This presentation includes an introduction to the FIDO Alliance along with analysis on the state of consumer and enterprise authentication among U.S. businesses based upon the findings in the 2017 State of Authentication Report by Javelin Strategy & Research. It also includes recommendations on when companies should strongly consider high-assurance strong authentication.

A detailed, technical look at the FIDO specifications including the use cases, registration, authentication and fundamentals of FIDO.

The document discusses the problems with password-based authentication and introduces FIDO authentication as a solution. It summarizes that FIDO authentication uses public key cryptography to allow users to authenticate with a single gesture on their device, without needing shared secrets or passwords. FIDO authentication is being adopted by major companies and specifications are standardized, with over 500 authenticators certified for compatibility and security. The presentation promotes FIDO as the future of secure, usable authentication.

The document discusses technical principles of FIDO authentication. It provides an overview of how FIDO works, including the FIDO ecosystem with authenticators, clients, servers and relying parties. It also summarizes the FIDO registration and authentication processes, which separate user verification from authentication through the use of public and private keys.

The document discusses using FIDO authenticators for IoT devices. It presents eWBM's biometric external FIDO authenticator and its security features. Potential applications of FIDO authentication for IoT are then described, including for device authentication over LoRa networks, drone control, and public WiFi access. The use of a BLE FIDO authenticator for personalized smart speaker services is also proposed. The conclusion recommends slimming down the FIDO client for embedded systems and achieving at least Security Level 2 certification for IoT authenticators.

The document discusses how governments are increasingly prioritizing strong authentication and looking to standards like FIDO to provide more secure, usable and privacy-preserving authentication. It notes that the UK and US governments have highlighted FIDO and endorsed its ability to deliver improved security without passwords. The document also discusses how authentication is an area of regulatory focus due to compliance needs around privacy, security and access across domains like digital government, healthcare, payments and financial services. It argues that FIDO specifications address regulatory needs by providing nimble, configurable and cost-effective strong authentication.

An update for FIDO's Technical Director, Adam Powers, on the current status and upcoming changes to the FIDO Certified Program.