Technical Principles of FIDO Authentication

An overview of the technical principles of the FIDO Authentication specifications for online authentication.

This presentation details the FIDO Alliance Certification Program - including an overview of the programs, process and the value of certification for both vendors and relying parties.

Presented at FIDO Authentication Seminar – Tokyo By: Alain Martin, VP, Strategic Partnerships, Gemalto; Secretary, FIDO Alliance Board of Directors; Co-Chair, FIDO Europe Working Group

The document discusses Microsoft's strategy for going passwordless. It begins by outlining the problems with passwords, such as increased security incidents and support costs due to forgotten passwords. It then presents Microsoft's four step strategy to achieve the end-user and security promises of being passwordless: 1) deploy password replacement offerings, 2) reduce visible password surface area, 3) transition to passwordless methods, and 4) eliminate passwords from identity directories. Specific passwordless methods discussed include Windows Hello, Microsoft Authenticator, and FIDO2 security keys. The document demonstrates how these work across platforms and provides resources for learning more.

This document summarizes a presentation about FIDO authentication in shifting European regulatory landscapes. It discusses how FIDO helps with strong customer authentication requirements under PSD2 and GDPR regulations. FIDO simplifies the customer journey for authentication by using a single step instead of multiple steps like OTP. It also addresses privacy and data protection by design principles through storing credentials on devices instead of servers and preventing data leakage. The presentation argues that in light of security breaches and fines under regulations, service providers should replace passwords with stronger authentication like FIDO.

A detailed look at FIDO Authentication, how FIDO works, FIDO & federation, attestation and meta data, and more.

1) LINE is replacing existing biometric authentication with FIDO2 authentication in their mobile payment app LINE Pay to enhance security following payment fraud incidents. 2) They plan to expand FIDO integration to more LINE platforms and countries starting with the iOS version of LINE Pay in Japan. 3) LINE has developed their own FIDO authenticator called LINE iOS FIDO2 Combo which leverages the iPhone's Touch ID/Face ID and provides attestation through a trusted security module and whitebox abstraction layer.

The model of password authentication is broken. FIDO is a new approach to authentication, including a modality for biometric authentication. Learn about the specification and the clear benefits of adding FIDO Authentication to Device APIs.

Presented at FIDO Authentication Seminar – Tokyo By: Anthony Nadalin, Chief Security Architect, Microsoft; Co-Chair, FIDO2 Technology Working Group

Presented at GSMA Mobile Connect + FIDO Alliance: The Future of Strong Authentication By: David Pollington, Head of Service Access, GSMA

1) The FIDO Alliance authentication certification program evaluates and certifies authenticators at different security levels to create trust between relying parties and authenticators. 2) Higher certification levels provide defenses against more sophisticated attacks, with Level 3+ providing the highest security against physical attacks on authenticator devices. 3) The certification process involves security reviews and penetration testing conducted by accredited laboratories. Companion certification programs can reduce the cost and time of certification for vendors.

A look at FIDO Certification program, including functional, authenticator and biometric; the value of certification for relaying parties and vendors, and how to get started.

This document discusses authentication methods used in Hong Kong, including two-factor authentication (2FA). It summarizes how the FIDO standard fits well with Hong Kong's requirements, having been adopted by several banks and other organizations. The document also outlines some lessons learned from implementing FIDO in Hong Kong, including the need for broad handset support. It explores how FIDO could be expanded to other uses beyond authentication.

An in-depth look at FIDO as high-assurance strong authentication, including the ecosystem, early adopters and how FIDO works.

FIDO Alliance Vision and Status by Brett McDowell, FIDO Alliance - Presented at FIDO Seoul Public Seminar on December 5th, 2018

A detailed, technical look at the FIDO specifications including the use cases, registration, authentication and fundamentals of FIDO.

The document provides an overview of FIDO authentication including: 1. How FIDO authentication works by using an authenticator to verify the user and perform the authentication without revealing identity attributes. 2. The FIDO ecosystem involves authenticators, clients, servers, and metadata to understand authenticator security characteristics. 3. FIDO supports a range of authenticators from platform-based to roaming and different user verification methods while keeping user verification data private.

What if we could replace passwords with authentication that is stronger and simpler? Web service providers and enterprises worldwide are looking for a solution to move beyond the frustrating user experience and less-than-stellar security of single-factor password authentication systems. Today FIDO is that solution, providing a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables enterprises and web service providers to easily deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience. - Learn the ins and outs of FIDO’s specifications, including their applicability to both passwordless (UAF) and second factor (U2F) authentication use cases. - Learn how FIDO separates user verification from authentication along with other details on the FIDO registration and login process. - Learn how FIDO authentication protects user privacy and prevents phishing and man-in-the-middle attacks.