Design Guidelines for Passkeys 2024.pptx

•Download as PPTX, PDF•

1 like•134 views

FIDO Alliance

FIDO Seminar RSAC 2024

Technology

© FIDO Alliance 2024 Confidential
1 © FIDO Alliance 2024 Confidential
1
2024 Design
Guidelines for
Passkeys

© FIDO Alliance 2024 Confidential
2 © FIDO Alliance 2024 Confidential
2
Kevin Goldman Philip Corriveau
Chief Experience Officer, Trusona
Chair, UX Working Group, FIDO
Alliance
Senior Manager User Experience, RSA
UX Research Lead, FIDO Alliance UX
Working Group

© FIDO Alliance 2024 Confidential
3
Team and approach

© FIDO Alliance 2024 Confidential
4
FIDO Alliance UX Working Group
AgileBits, American Express, Apple, ASSA ABLOY, Axiad, Beyond
Identity, Bitwarden, BlinkUX, CVS Health, Daon, Dashlane, Docusign,
Duo, eBay, FIME SAS, Google, Guangdong, Huawei, IBM, Idemia,
Intuit, JP Morgan Chase, Keeper Security, LastPass, Lenovo, Liaison,
Mastercard, Mercari, Meta, Microsoft, Nok Nok, Okta, OneSpan,
PayPal, RSA, Samsung, Sony, Swissbit, Target, TTA, TikTok, Trusona,
U.S. Bank, VinCSS, Visa, Wells Fargo, Yubico
Third party UX research firm: Blink
FIDO Alliance member underwriters:

© FIDO Alliance 2024 Confidential
5
How FIDO produces Design Guidelines
Curated
270 passkey
touchpoints
documented
Grouped
7 themes
identified
Selected
6 design patterns
to pursue in 2024
Built
prototypes and
ideated
experiences
Tested
with a third party
UX research firm
and real users
Publish
14 total patterns
that drive
business
outcomes
… 6x
repeat …
Consumer use case (unregulated), 16 U.S. consumers, iOS,
Android, Windows, 8 service providers
Audited
8 well-known
passkey
deployments

© FIDO Alliance 2024 Confidential
6
Guidelines

© FIDO Alliance 2024 Confidential
7
What’s included?

© FIDO Alliance 2024 Confidential
8
👀 Let’s look at one pattern …

© FIDO Alliance 2024 Confidential
10
One of many key insights …
2023 Guidelines 2024 Guidelines
Plus
Prompt to create passkeys at
account related moments.
Prompt to create passkeys
after SMS OTP sign ins

© FIDO Alliance 2024 Confidential
11
All the Design Guidelines
8 updated patterns 6 new patterns New community resources
Communications
Cross-device
sign-in
Deprecate SMS
OTP
Mobile app Remove
Synced and
device-bound

© FIDO Alliance 2024 Confidential
12 © FIDO Alliance 2024 Confidential
12
Get all the guidelines!
fidoalliance.org/newsletter-sign-up
Identiverse May 28th
@fidoalliance

© FIDO Alliance 2024 Confidential
13
Get started with
passkeys!

© FIDO Alliance 2024 Confidential
14
● Contact a vendor
● Subscribe to FIDO-dev
● Attend Authenticate
● You’re already here …
● Create a proof of concept
● Build a branded prototype
Get involved Leverage guidelines Continue the journey

© FIDO Alliance 2024 Confidential
15 © FIDO Alliance 2024 Confidential
15
Q&A

© FIDO Alliance 2024 Confidential
16 © FIDO Alliance 2024 Confidential
16
Thank you!

The FIDO Alliance was launched with the audacious goal – to move the entire world away from usernames, passwords, and traditional multi-factor authentication to a much simpler and stronger way to log in with FIDO. It’s now 2021, so … are we there yet? Join us for a webinar to take a look at the past year’s progress, and see what’s next. Our executive director and CMO Andrew Shikiar and our director of standards development David Turner will be on the line to take your questions – ask us anything!

FIDO Authentication: Unphishable MFA for All

FIDO Alliance

Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com

FIDO Alliance

The FIDO Alliance has launched a new microsite, LoginWithFIDO.com, for high level, non-technical information about FIDO for consumers and service providers. As part of this project, we wanted to learn more about consumer attitudes and habits around authentication. What are their password habits? What do they think about the FIDO approach? Do they want to see FIDO at login? To find out, we conducted a survey of 1,000 U.S. consumers – the results of which were shared on this webinar. These slides include the findings from our research and how you may be able to utilize the data for your own FIDO offerings and/or deployments. This webinar includes: --How many different passwords consumers really use for their online accounts --What tactics they use for password management and how often they are resetting passwords and --Their familiarity with various types of authentication technologies including SMS OTPs, biometrics and others --The types of apps and services where consumers most want to use FIDO --How consumers want to be communicated with about FIDO at enrollment and login We also gave the audience a detailed look at LoginWithFIDO.com and how you can consider using it for your own educational initiatives around FIDO. You’ll learn: --How to navigate through the microsite and its two landing pages --How you can reference the site and its materials for your own offerings and deployments --Added insights into how to utilize FIDO’s consumer-facing marks

Intro to Passkeys and the State of Passwordless.pptx

FIDO Alliance

Fido--consumer research -report apDF so lets

riffkathleen

FIDO Alliance Research: Consumer Attitudes Towards Authentication

FIDO Alliance

Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell

FIDO Alliance

Passwords are archaic, and a danger to enterprise security. Now the accepted standard for multi-factor authentication (MFA), FIDO Authentication can be deployed in the enterprise for easier and secure access to corporate networks, applications, and workstations. Organizations that adopt FIDO will experience profound improvements in security, helpdesk costs, user experience, and productivity. But where to start? Attend this webinar to learn about considerations for deploying FIDO in the enterprise, including how to gradually rollout FIDO authentication and select the right authenticators and the right server policies for the right user cases. This webinar will provide essential education for any organization that wants to get started on eliminating passwords and securing the simple act of logging on within their company.

Introduction to FIDO Alliance

FIDO Alliance

“Your Security, More Simple.” by utilizing FIDO Authentication

LINE Corporation

Protecting IDAAS with FIDO Authentication

FIDO Alliance

FIDO - The Value of Membership

FIDO Alliance

The FIDO Alliance Today: Status and News

FIDO Alliance

The Value of FIDO Alliance Membership

FIDO Alliance

DOCOMO Joins FIDO Alliance Board of Directors

FIDO Alliance

Tokyo Seminar: FIDO Alliance Vision and Status

FIDO Alliance

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

LoriGlavin3

Introduction to FIDO Authentication and Passkeys.pptx

FIDO Alliance

Introduction to FIDO Alliance

FIDO Alliance

Introduction to FIDO Alliance by Brett McDowell, FIDO Alliance, Executive Director from the FIDO Alliance Seminar in New York City on March 3, 2016, entitled "Key Trends in Strong Authentication" The FIDO Alliance invites you to learn how simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.

FIDO Alliance Vision and Status

FIDO Alliance

FIDO Webinar – A New Model for Online Authentication: Implications for Policy...

FIDO Alliance

The new model for stronger, simpler online authentication has implications beyond businesses and their consumers, including government policy and applications. FIDO was designed with security and privacy at the forefront, making it a natural ally for government initiatives in these areas. View slides from policy experts on the role of FIDO in policy, what the Alliance is doing in policy and how governments are working to implement FIDO. Contents: Review of FIDO Alliance – FIDO’s mission and vision – Key liaison relationships & government members – How FIDO enhances privacy FIDO in Government Services, a NIST Perspective Introduction to FIDO’s Privacy and Public Policy Workgroup (P3WG) and some key outputs: – Privacy White Paper – EBA Response FIDO’s fit in global regulatory approaches to security and privacy – Supporting common policy goals – Key differences from traditional 2-factor authentication – Related activities, including Cybersecurtiy National Plan (US), and eIDAS (EU)

Authenticate 2021: Welcome Address

FIDO Alliance

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf

FIDO Alliance

Similar to Design Guidelines for Passkeys 2024.pptx

The State of Passkeys with FIDO Alliance.pptx

LoriGlavin3

Introduction to the FIDO Alliance

FIDO Alliance

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Welcome and FIDO Update.pptx

FIDO Alliance

FIDO Alliance: Welcome and FIDO Update.pptx

FIDO Alliance

Webinar: Considerations for Deploying FIDO in the Enterprise

FIDO Alliance

Introduction to FIDO Alliance

FIDO Alliance

“Your Security, More Simple.” by utilizing FIDO Authentication

LINE Corporation

Protecting IDAAS with FIDO Authentication

FIDO Alliance

FIDO - The Value of Membership

FIDO Alliance

The FIDO Alliance Today: Status and News

FIDO Alliance

The Value of FIDO Alliance Membership

FIDO Alliance

DOCOMO Joins FIDO Alliance Board of Directors

FIDO Alliance

Tokyo Seminar: FIDO Alliance Vision and Status

FIDO Alliance

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

LoriGlavin3

Introduction to FIDO Authentication and Passkeys.pptx

FIDO Alliance

Introduction to FIDO Alliance

FIDO Alliance

FIDO Alliance Vision and Status

FIDO Alliance

FIDO Webinar – A New Model for Online Authentication: Implications for Policy...

FIDO Alliance

Authenticate 2021: Welcome Address

FIDO Alliance

Similar to Design Guidelines for Passkeys 2024.pptx (20)

The State of Passkeys with FIDO Alliance.pptx

Introduction to the FIDO Alliance

FIDO Alliance Osaka Seminar: Overview.pdf

Welcome and FIDO Update.pptx

FIDO Alliance: Welcome and FIDO Update.pptx

Webinar: Considerations for Deploying FIDO in the Enterprise

Introduction to FIDO Alliance

“Your Security, More Simple.” by utilizing FIDO Authentication

Protecting IDAAS with FIDO Authentication

FIDO - The Value of Membership

The FIDO Alliance Today: Status and News

The Value of FIDO Alliance Membership

DOCOMO Joins FIDO Alliance Board of Directors

Tokyo Seminar: FIDO Alliance Vision and Status

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

Introduction to FIDO Authentication and Passkeys.pptx

Introduction to FIDO Alliance

FIDO Alliance Vision and Status

FIDO Webinar – A New Model for Online Authentication: Implications for Policy...

Authenticate 2021: Welcome Address

Recently uploaded

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

"Impact of front-end architecture on development cost", Viktor Turskyi

The Art of the Pitch: WordPress Relationships and Sales

Assuring Contact Center Experiences for Your Customers With ThousandEyes

GraphRAG is All You need? LLM & Knowledge Graph

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Essentials of Automations: Optimizing FME Workflows with Parameters

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Accelerate your Kubernetes clusters with Varnish Caching

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

When stars align: studies in data quality, knowledge graphs, and machine lear...

How world-class product teams are winning in the AI era by CEO and Founder, P...

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Neuro-symbolic is not enough, we need neuro-*semantic*

Search and Society: Reimagining Information Access for Radical Futures

Design Guidelines for Passkeys 2024.pptx

2. © FIDO Alliance 2024 Confidential 2 © FIDO Alliance 2024 Confidential 2 Kevin Goldman Philip Corriveau Chief Experience Officer, Trusona Chair, UX Working Group, FIDO Alliance Senior Manager User Experience, RSA UX Research Lead, FIDO Alliance UX Working Group

4. © FIDO Alliance 2024 Confidential 4 FIDO Alliance UX Working Group AgileBits, American Express, Apple, ASSA ABLOY, Axiad, Beyond Identity, Bitwarden, BlinkUX, CVS Health, Daon, Dashlane, Docusign, Duo, eBay, FIME SAS, Google, Guangdong, Huawei, IBM, Idemia, Intuit, JP Morgan Chase, Keeper Security, LastPass, Lenovo, Liaison, Mastercard, Mercari, Meta, Microsoft, Nok Nok, Okta, OneSpan, PayPal, RSA, Samsung, Sony, Swissbit, Target, TTA, TikTok, Trusona, U.S. Bank, VinCSS, Visa, Wells Fargo, Yubico Third party UX research firm: Blink FIDO Alliance member underwriters:

5. © FIDO Alliance 2024 Confidential 5 How FIDO produces Design Guidelines Curated 270 passkey touchpoints documented Grouped 7 themes identified Selected 6 design patterns to pursue in 2024 Built prototypes and ideated experiences Tested with a third party UX research firm and real users Publish 14 total patterns that drive business outcomes … 6x repeat … Consumer use case (unregulated), 16 U.S. consumers, iOS, Android, Windows, 8 service providers Audited 8 well-known passkey deployments

10. © FIDO Alliance 2024 Confidential 10 One of many key insights … 2023 Guidelines 2024 Guidelines Plus Prompt to create passkeys at account related moments. Prompt to create passkeys after SMS OTP sign ins

11. © FIDO Alliance 2024 Confidential 11 All the Design Guidelines 8 updated patterns 6 new patterns New community resources Communications Cross-device sign-in Deprecate SMS OTP Mobile app Remove Synced and device-bound

12. © FIDO Alliance 2024 Confidential 12 © FIDO Alliance 2024 Confidential 12 Get all the guidelines! fidoalliance.org/newsletter-sign-up Identiverse May 28th @fidoalliance

14. © FIDO Alliance 2024 Confidential 14 ● Contact a vendor ● Subscribe to FIDO-dev ● Attend Authenticate ● You’re already here … ● Create a proof of concept ● Build a branded prototype Get involved Leverage guidelines Continue the journey

Design Guidelines for Passkeys 2024.pptx

Recommended

Recommended

More Related Content

Similar to Design Guidelines for Passkeys 2024.pptx

Similar to Design Guidelines for Passkeys 2024.pptx (20)

More from FIDO Alliance

More from FIDO Alliance (20)

Recently uploaded

Recently uploaded (20)

Design Guidelines for Passkeys 2024.pptx