Fido Overview: Status and Future
- 3. 783 data breaches
IN 2014...
>1 billion
records stolen since 2012
3
$3.5 million
average cost per breach
- 11. HOW DOES FIDO WORK?
USER VERIFICATION FIDO AUTHENTICATION
AUTHENTICATOR
11
- 15. Passwordless Experience (FIDO UAF Standards)
Second Factor Experience (FIDO U2F Standards)
Transaction Detail User Authentication Done
1 2 3
Success
$10,000
Transfer Now
Login & Password
1
Insert dongle
Press Button
2
Done
3
Success
15
- 16. 2014 Deployments
16
ü PayPal continues FIDO enablement in
improved mobile wallet app.
ü Google has FIDO in Chrome and
2-Step Verification.
ü Samsung adds FIDO enabled Touch
authentication to Galaxy® S6
- 17. FIDO UNIVERSAL 2ND FACTOR
AUTHENTICATOR
Is a user
present?
Same
authenticator
as registered
before?
USER VERIFICATION FIDO AUTHENTICATION
17
- 28. 28
No 3rd Party in the Protocol
No Secrets on the Server side
Biometric data (if used) never leaves device
No link-ability between Services or Accounts
- 29. Better Security for online services
Reduced cost for the enterprise
Simple & Safe for consumers
29
- 30. The FIDO Alliance is an open
association of more than 180
diverse member organizations
30
- 32. Board Members
32
ü Online Services
ü Chip Providers
ü Device Providers
ü Biometrics Vendors
ü Enterprise Servers
ü Platform Providers
- 33. FIDO TIMELINE
FIDO 1.0 FINAL
Specification
First UAF & U2F
Deployments
Specification
Review Draft
FIDO Ready
Program
Alliance
Announced
FEB
2013
(6 Members)
DEC
2013
(59 Members)
FEB
2014
(84 Members)
FEB-OCT
2014
(129 Members)
DEC 9
2014
(152 Members)
33
- 36. 36
Implementing 1.0 Specifications
(this is only a subset of active implementations)
Online Services
Chip Providers
Device Providers
Biometrics Technology Providers
Enterprise Servers
Open Source
Mobile Apps/Clients
WWW Browsers
- 37. FIDO in Windows 10
37
ü Windows used by
1.5 billion users
ü Windows 10 in 190
countries by Q3
ü Free upgrade for
consumer
- 38. FIDO in Snapdragon
38
ü Market leader to
ship FIDO client
ü 85+ OEMs as of Q4
ü >1 billion Android
devices shipped
ü Innovative sensor
- 39. FIDO in Healthcare
39
ü First healthcare
deployment
ü Physician access
to health records
ü up to 50 million
Healthcare users
- 40. FIDO in Enterprise
40
ü Google for Work announced Enterprise
admin support for FIDO® U2F “Security
Key” – April 21
ü Google for Work is used by over 5
million businesses worldwide
ü “The Security Keys are a great step
forward, as they are very practical and
more secure.” – Woolsworth IT
- 41. FIDO & Government
41
2013 Data Breach Investigations Report (conducted
by Verizon in concert with the U.S. Department of
Homeland Security) noted that 76% of 2012 network
intrusions exploited weak or stolen credentials.
-- NIST Roadmapfor Improving CriticalInfrastructure Cybersecurity,12-
Feb-2014
ü Governments
worldwide are
looking at FIDO
ü FIDO featured at
White House Summit
ü New collaboration
framework…