Solving the IoT Challenge

This document provides instructions for implementing passwordless authentication for a web application using WebAuthn and FIDO2 security keys. It describes setting up a sample Spring Boot web app with traditional username/password authentication and then enhancing it with passwordless authentication. The workshop is split into modules, with this module focusing on implementing the authentication REST endpoints and updating the UI to allow passwordless sign-in. It provides code examples and diagrams to explain how the authentication flow works when a user attempts to sign in using a previously registered security key.

Passwords are archaic, and a danger to enterprise security. Now the accepted standard for multi-factor authentication (MFA), FIDO Authentication can be deployed in the enterprise for easier and secure access to corporate networks, applications, and workstations. Organizations that adopt FIDO will experience profound improvements in security, helpdesk costs, user experience, and productivity. But where to start? Attend this webinar to learn about considerations for deploying FIDO in the enterprise, including how to gradually rollout FIDO authentication and select the right authenticators and the right server policies for the right user cases. This webinar will provide essential education for any organization that wants to get started on eliminating passwords and securing the simple act of logging on within their company.

This document summarizes LINE's deployment of FIDO2 authentication for its LINE Pay service. It discusses how passwords are insecure and the root of many breaches. FIDO2 provides a stronger alternative using public/private key attestation and is designed to be privacy-preserving. LINE joined the FIDO Alliance in 2017 and certified its universal server in 2018. It has implemented FIDO2 authentication flows for iOS using Touch ID/Face ID and for Android. Future plans include expanding FIDO2 to more financial services and LINE applications to encourage password-less authentication.

View the 2019 FIDO Seoul Seminar session slides to discover how the future is moving to a passwordless world.

This paper depicts three possible scenarios for integrating FIDO UAF and public key infrastructure (PKI) in Asian countries, along with recommendations for how the two technologies can work together to bring innovation to the authentication marketplace and to pave the way for deploying better authentication solutions to the public.

The FIDO Certified program is a core activity of the FIDO Alliance that underpins the B2B FIDO ecosystem of interoperable products and services. A growing majority of service providers are specifying FIDO Certified products in their RFPs as they are seeking the benefits of having a standards-based and future-proof foundation for user authentication. Beyond those core benefits, we’re seeing growing use cases and demand for more advanced Certified Authenticators – as well as in FIDO’s biometric component certification program, which is a useful mechanism for assessing how well biometric products perform against industry standard metrics. Are you thinking about developing FIDO products and getting certified? Are you a service provider wondering what FIDO Certified means for you? Are you just wondering what the different certification programs are and how they relate to each other? View the presentation.

Presented at FIDO Authentication Seminar – Tokyo By: Anthony Nadalin, Chief Security Architect, Microsoft; Co-Chair, FIDO2 Technology Working Group

The Second Payment Services Directive (PSD2) and the associated Regulatory Technical Standards (RTS) on strong customer authentication and secure communication impose stringent requirements on multi-factor authentication and on the security of implementations. Payment Service Providers will want to know whether the authentication solutions they put in place conform to the RTS both in terms of functionality and security. The FIDO Alliance standards are based on multi-factor authentication and are a strong fit for PSD2 compliance. The FIDO Alliance’s certification program provides an independent evaluation of functional compliance to the standards as well as of the achieved level of security of FIDO authenticators. Featuring industry experts, this presentation explores how FIDO can resolve key issues, including: • How the FIDO standards conform to the RTS • How FIDO’s certification program guarantees this conformity • How FIDO’s certification program provides for the mandatory security evaluation imposed by the RTS

A look at FIDO Certification program, including functional, authenticator and biometric; the value of certification for relaying parties and vendors, and how to get started.

Eleanor Weaver and Simon Fellows presented on Darktrace, an artificial intelligence cybersecurity company that provides self-learning cyber defense systems. Darktrace's systems can passively learn normal operations without maintenance and detect threats across OT, IT, and IoT networks. The systems are protocol and technology agnostic, providing full visibility without needing to understand individual network configurations or protocols. Traditional security approaches like baselining lack context to distinguish normal operations from attacks and cannot detect existing compromises. Darktrace uses case studies to demonstrate how its systems have detected complex ransomware infections and external reconnaissance efforts on critical infrastructure networks.

The document discusses modern authentication and Nok Nok Labs' role in pioneering this area. It notes that Nok Nok Labs invented modern authentication, founded and led the FIDO Alliance, and has deployed authentication solutions for major markets. The document promotes the benefits of leveraging modern authentication, such as improved customer experience, higher retention and satisfaction, and reduced fraud and costs. It argues that authentication, security, and privacy will be vital for society with the rise of cloud services, IoT, and other technologies.

- The document summarizes a presentation given by Brett McDowell, Executive Director of the FIDO Alliance, about updates to the FIDO Alliance and passwordless authentication standards. - It highlights growing issues with passwords like high costs of password resets for organizations and high rates of password-related data breaches and phishing attacks. - The FIDO Alliance is working to solve the password problem through open authentication standards based on public key cryptography that eliminate the reliance on shared secrets and enable strong, phishing-resistant multi-factor authentication with a single gesture. - New developments include FIDO specifications becoming ITU and W3C standards, a growing number of FIDO2 certified products