Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Introduction to the FIDO Alliance

7,234 views

Published on

An overview of the Alliance, the problem we are addressing the password problem, how FIDO is addressing it, the new ecosystem we are creating and the road ahead.

Published in: Technology
  • Be the first to comment

Introduction to the FIDO Alliance

  1. 1. All Rights Reserved | FIDO Alliance | Copyright 20171 INTRODUCTION TO THE FIDO ALLIANCE BRETT MCDOWELL EXECUTIVE DIRECTOR
  2. 2. All Rights Reserved | FIDO Alliance | Copyright 20172 AGENDA: THE PROBLEM THE SOLUTION THE ECOSYSTEM THE ROAD AHEAD
  3. 3. THE WORLD HAS A PASSWORD PROBLEM All Rights Reserved | FIDO Alliance | Copyright 20173
  4. 4. All Rights Reserved | FIDO Alliance | Copyright 20174 THE WORLD HAS A PASSWORD PROBLEM Data breaches in 2016 that involved weak, default, or stolen passwords1 Increase in phishing attacks over the number of attacks recorded in 20152 Breaches in 2016, a 40% increase over 20153 1Verizon 2017 Data Breach Report |2Anti-Phishing Working Group | 3Identity Theft Resource Center 2016 CLUMSY | HARD TO REMEMBER | NEED TO BE CHANGED ALL THE TIME 81% 65% 1,093
  5. 5. ONE-TIME PASSCODES Improve security but aren’t easy enough to use Still Phishable User Confusion Token Necklace SMS Reliability All Rights Reserved | FIDO Alliance | Copyright 20175
  6. 6. THE “SHARED SECRET” (AKA “WHAT YOU KNOW”) IS BROKEN WE NEED A NEW AUTHENTICATION MODEL “WHAT YOU HAVE” (+ “WHAT YOU ARE”) All Rights Reserved | FIDO Alliance | Copyright 20176
  7. 7. All Rights Reserved | FIDO Alliance | Copyright 20177 AGENDA: THE PROBLEM THE SOLUTION THE ECOSYSTEM THE ROAD AHEAD
  8. 8. All Rights Reserved | FIDO Alliance | Copyright 20178 THE NEW MODEL open standards for simpler, stronger authentication using public key cryptography Fast IDentity Online
  9. 9. All Rights Reserved | FIDO Alliance | Copyright 20179 THE FACTS ON FIDO The FIDO Alliance is an open industry association of over 250 organizations with a focused mission: 300+ FIDO Certified solutions 3 BILLION Available to protect user accounts worldwide Today, its members provide the world’s largest ecosystem for standards-based, interoperable authentication AUTHENTICATION STANDARDS based on public key cryptography to solve the password problem
  10. 10. All Rights Reserved | FIDO Alliance | Copyright 201712 HOW OLD AUTHENTICATION WORKS ONLINE CONNECTION The user authenticates themselves online by presenting a human-readable “shared secret”
  11. 11. All Rights Reserved | FIDO Alliance | Copyright 201713 HOW FIDO AUTHENTICATION WORKS LOCAL CONNECTION ONLINE CONNECTION The device authenticates the user online using public key cryptography The user authenticates “locally” to their device (by various means)
  12. 12. All Rights Reserved | FIDO Alliance | Copyright 201614 Passwordless Experience Second Factor Experience Flexible authentication spanning a variety of service providers ENHANCED AUTHENTICATION EXPERIENCES
  13. 13. All Rights Reserved | FIDO Alliance | Copyright 201717 FIDO DELIVERS ON KEY PRIORITIES Security Privacy Interoperability Usability
  14. 14. All Rights Reserved | FIDO Alliance | Copyright 201718 AGENDA: THE PROBLEM THE SOLUTION THE ECOSYSTEM THE ROAD AHEAD
  15. 15. All Rights Reserved | FIDO Alliance | Copyright 201719 HOW TO BUILD AN ECOSYSTEM? CERTIFICATIONS MEMBERS & PARTNERS DEPLOYMENTS SPECIFICATIONS
  16. 16. All Rights Reserved | FIDO Alliance | Copyright 201720 250+ MEMBER ORGANIZATIONS GLOBALLY FIDO board members include leading global brands and technology providers + SPONSOR MEMBERS + ASSOCIATE MEMBERS + LIAISON MEMBERS
  17. 17. All Rights Reserved | FIDO Alliance | Copyright 201721 LIAISON PROGRAM
  18. 18. All Rights Reserved | FIDO Alliance | Copyright 201722 *NEW* LIASION PARTNER To explore the market and technical fits between FIDO Authentication & Mobile Connect
  19. 19. FIDO Specifications FIDO 1.1 (FIDO) CTAP* (FIDO) WebAuthn* (FIDO+W3C) UVC* (FIDO+EMVCo) All Rights Reserved | FIDO Alliance | Copyright 201723 *FIDO 2 Project: In Development
  20. 20. All Rights Reserved | FIDO Alliance | Copyright 201724 BY THE NUMBERS: CERTIFICATIONS 32 62 74 108 162 216 253 304 343 Apr-15 Jul-15 Sep-15 Dec-15 Mar-16 May-16 Aug-16 Dec-16 May-17 254 89
  21. 21. All Rights Reserved | FIDO Alliance | Copyright 201725 FIDO IN THE IOS ECOSYSTEM Supported iOS fingerprint devices iPhone SE iPhone & iPhone+ iPad Pro iPad Air, Mini
  22. 22. All Rights Reserved | FIDO Alliance | Copyright 201726 FIDO IN THE ANDROID ECOSYSTEM S5, Mini Alpha Note 4,5 Note Edge Tab S, Tab S2 S6, S6 Edge S7, S7 Edge Vernee Thor Xperia Z5 SO-01H Xperia Z5 Compact SO-02H Xperia Z5 Premium SO-03H Mate 8 V10 G5 Phab2 Phab2 Pro Plus Z2, Z2 Pro Xperia X Performance Xperia XZ Xperia X Compact SO-02J Arrows NX Arrows Fit Arrows Tab F-02HF-04HF-04G F-01H Aquos Zeta SH-01HSH-03G SH-02J MO1T F-01J
  23. 23. All Rights Reserved | FIDO Alliance | Copyright 201727 FIDO IN THE WINDOWS + WEB ECOSYSTEMS Yoga 910 Windows 10 Microsoft Edge Windows Platforms Web
  24. 24. All Rights Reserved | FIDO Alliance | Copyright 201728 FIDO CERTIFIED TOKENS - SAMPLE
  25. 25. All Rights Reserved | FIDO Alliance | Copyright 201729 SAMPLE: FIDO-ENABLED SERVICES 3 BILLION AVAILABLE TO PROTECT ACCOUNTS WORLDWIDE
  26. 26. All Rights Reserved | FIDO Alliance | Copyright 201730 AGENDA: THE PROBLEM THE SOLUTION THE ECOSYSTEM THE ROAD AHEAD
  27. 27. All Rights Reserved | FIDO Alliance | Copyright 201731 WEB AUTHENTICATION SPECIFICATION BRINGS FIDO TO THE PLATFORM Sets model for native platforms to follow World Wide Web Consortium (W3C) developing a Web Authentication specification based on 3 FIDO Alliance technical specifications Standard web API enables web apps to move beyond passwords and offer FIDO strong authentication across all web browsers and web platforms
  28. 28. All Rights Reserved | FIDO Alliance | Copyright 201732 CLIENT-TO-AUTHENTICATOR PROTOCOL (CTAP) • CTAP will enable browsers and operating systems to talk to external authenticators like USB keys, NFC and Bluetooth- enabled devices • Use a wearable or mobile device, for example, to log in to a computer, tablet, IoT device, etc. • Removes requirement to re-register on every device
  29. 29. All Rights Reserved | FIDO Alliance | Copyright 201733 EXTENSION TO WEBAUTHN: USER VERIFICATION CACHING • Enables convenient on-device FIDO Certified authenticators, such as a fingerprint or “selfie” biometrics • Securely verifies consumer’s presence when making an in-store or in-app mobile payment • Provides additional risk management information in order to approve a payment within a given time period • Reduces the number of times a consumer needs to re-authenticate themselves
  30. 30. All Rights Reserved | FIDO Alliance | Copyright 201734 FIDO IMPACT ON POLICY FIDO specifications offer governments newer, better options for strong authentication – but governments may need to update some policies to support the ways in which FIDO is different. 1. Recognize that two-factor authentication no longer brings higher burdens or costs. 2. Recognize technology is now mature enough to enable two secure, distinct auth. factors in a single device. 3. As governments promote or require strong auth., make sure it is the “right” strong auth. As technology evolves, policy needs to evolve with it.
  31. 31. All Rights Reserved | FIDO Alliance | Copyright 201735 Join the FIDO Ecosystem www.fidoalliance.org Deploy Take Part in FIDO Events Build FIDO Certified Solutions Join the Alliance
  32. 32. 36 ADDITIONAL RESOURCES All Rights Reserved | FIDO Alliance | Copyright 2017 Membership information: https://fidoalliance.org/membership/ Liaisons: https://fidoalliance.org/participate/liaison/ FIDO Explainer Video: https://youtu.be/0tGk5-4wx-w Blog: https://fidoalliance.org/category/blog/ Email: info@fidoalliance.org Twitter: @FIDOAlliance Upcoming events: • https://fidoalliance.org/upcoming-events/
  33. 33. All Rights Reserved | FIDO Alliance | Copyright 201737 THANK YOU BRETT MCDOWELL, EXECUTIVE DIRECTOR BRETT@FIDOALLIANCE.ORG

×