Webinar: Catch Up with FIDO Plus AMA Session (FIDO Alliance)
The FIDO Alliance's goal is for the whole world to move away from usernames, passwords, and traditional MFA to a simpler and stronger way to log in with FIDO! Here's a look at the past year’s progress and what's happening next.
FIDO Alliance Webinar: Catch Up With FIDO (FIDO Alliance)
The FIDO Alliance was launched with the audacious goal – to move the entire world away from usernames, passwords, and traditional multi-factor authentication to a much simpler and stronger way to log in with FIDO. It’s now 2021, so … are we there yet?
Join us for a webinar to take a look at the past year’s progress, and see what’s next. Our executive director and CMO Andrew Shikiar and our director of standards development David Turner will be on the line to take your questions – ask us anything!
FIDO2: towards the end of passwords? - By Arnaud Jumelet (Identity Days)
Passwordless authentication is about to become a reality. Azure AD now supports FIDO2 security keys for authentication. Are you familiar with the FIDO2 project and passwordless authentication? Did you know that Windows Hello is a FIDO2 authenticator?
In this session, discover FIDO2 and the steps toward a passwordless world.
E-Lock AdaptAuth is an AI-powered, Adaptive, Multi-factor Authentication solution that provides an advanced layer of protection in the form of Adaptive MFA. Adaptive authentication utilizes information such as IP addresses, geo-locations, device signatures and user behavior patterns to assess the risk and accordingly adapts the authentication flow. This is achieved by building a risk profile for every user by analyzing past authentication attempts and behavioral patterns. The extent of deviation from such patterns invokes additional MFA factors until desired levels of identity assurance are achieved.
Capabilities provided by AdaptAuth:
- Basic authentication
- Two-factor authentication: app-based OTP, email/SMS OTP, digital certificate, fingerprint, FIDO2 authentication
- Multi-factor authentication
- Adaptive authentication
- Single sign-on
The FIDO Alliance Today: Status and News (FIDO Alliance)
The FIDO Alliance invites you to learn how to simplify strong authentication for web services.
This presentation was part of our FIDO Alliance Seminar in Tokyo, Japan, in November, 2015.
The Second Payment Services Directive (PSD2) and the associated Regulatory Technical Standards (RTS) on strong customer authentication and secure communication impose stringent requirements on multi-factor authentication and on the security of implementations. Payment Service Providers will want to know whether the authentication solutions they put in place conform to the RTS both in terms of functionality and security.
The FIDO Alliance standards are based on multi-factor authentication and are a strong fit for PSD2 compliance. The FIDO Alliance’s certification program provides an independent evaluation of functional compliance to the standards as well as of the achieved level of security of FIDO authenticators.
Featuring industry experts, this presentation explores how FIDO can resolve key issues, including:
• How the FIDO standards conform to the RTS
• How FIDO’s certification program guarantees this conformity
• How FIDO’s certification program provides for the mandatory security evaluation imposed by the RTS
Andrew Shikiar, Executive Director & CMO of the FIDO Alliance outlines what FIDO has achieved in the last 7 years, how the market is adopting FIDO, and new expanded work areas focusing on identity verification and binding and the Internet of Things.
Introduction to FIDO Biometric Authentication (FIDO Alliance)
The model of password authentication is broken. FIDO is a new approach to authentication, including a modality for biometric authentication. Learn about the specification and the clear benefits of adding FIDO Authentication to Device APIs.
An overview of the Alliance, the password problem we are addressing, how FIDO is addressing it, the new ecosystem we are creating and the road ahead.
HYPR: The Leading Provider of True Passwordless Security® (HYPR)
Passwords and shared secrets are the #1 cause of breaches. But despite millions of dollars invested in authentication, your users still log in with passwords each day.
Backed by Comcast, Mastercard and Samsung, the HYPR cloud platform is designed to eliminate passwords and shared secrets across the enterprise. By replacing passwords with Public Key Encryption, HYPR removes the hackers’ primary target - forcing them to attack each device individually. With HYPR, businesses are finally able to deploy Desktop MFA and Strong Customer Authentication to millions of users worldwide.
Welcome to #ThePasswordlessCompany.
Getting to Know the FIDO Specifications - Technical Tutorial (FIDO Alliance)
What if we could replace passwords with authentication that is stronger and simpler? Web service providers and enterprises worldwide are looking for a solution to move beyond the frustrating user experience and less-than-stellar security of single-factor password authentication systems. Today FIDO is that solution, providing a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables enterprises and web service providers to easily deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
- Learn the ins and outs of FIDO’s specifications, including their applicability to both passwordless (UAF) and second factor (U2F) authentication use cases.
- Learn how FIDO separates user verification from authentication along with other details on the FIDO registration and login process.
- Learn how FIDO authentication protects user privacy and prevents phishing and man-in-the-middle attacks.
The Death of 2FA and the Birth of Modern Authentication (SecureAuth)
The definitions for two-factor authentication (2FA) or multi-factor authentication (MFA) were born in a different 'day' and based upon technology and approaches that are 20 years old. However, technology has changed. Connectivity has been dramatically improved. Mobility and cloud have considerably increased the number of use cases for authentication. So, our definition of and expectations for authentication also need to change.
Keith Graham, CTO of SecureAuth, and Frank Dickson, Research Director at IDC, cover:
- The death of 2FA, and why it is not enough or even too much
- Looking beyond 2FA to increase security and usability
- Modern authentication best practices
- How modern authentication can take you passwordless
Intro to Passkeys and the State of Passwordless.pptx
We’ve been talking about the password problem for so long now I feel like we’ve actually lost sight of how LARGE of a problem it really is – instead focusing on all of the great benefits of unphishable FIDO-based MFA (rightly).
That being said, 2FA certainly is out there and yes, is much better than a password alone. But legacy forms of 2FA really are just bandaids to try and stem the damage from the flawed primary factor.
And it’s little wonder that we’re seeing damaging MFA bypass attacks that leverage a combination of social engineering and traditional phishing to access enterprise systems and/or user accounts.
We saw this coming last year and were sadly correct. I think that on the consumer side in 2023 Smishing will really go mainstream at least here in the US – and will be hugely damaging.
We’ve been talking about the password problem for so long now I feel like we’ve actually lost sight of how LARGE of a problem it really is – instead focusing on all of the great benefits of unphishable FIDO-based MFA (rightly).
But the fact of the matter is that MFA adoption has lagged – especially for consumers. Part of this is lack of will by RPs, but it’s mainly IMO an issue of usability and ease of access.
These stats are a little old tbh, we saw phishing rise during covid, and now we are seeing phishing become even easier thanks to generative AI
54% of people have noticed an increase in suspicious messages and scams online, while 52% believe these have become more sophisticated.
We always need a device in the middle, we call this the authenticator
Step 1 - Local interaction between the user and authenticator – we call this user verification
On the front end, we are very flexible – we require some user gesture and that gesture is verified by the authenticator directly
Facial recognition, local PIN entry, security key – but we will talk more about the user experience in a minute
Step 2:
Once the user is verified by the authenticator, which lives on your personal device, the authenticator then authenticates you to the service. Not using your information or the evidence of who you are, but actually using public key cryptography.
What’s beautiful about public key cryptography is you don’t ever have to give away your private key (your secret). With asymmetric cryptography – which is what we use – you use that private key to sign a challenge: proof of possession that you have the right private key. The service provider verifies that it is correct with the corresponding public key. Unique key pairs for each service – this is essential for privacy. No global identifiers with FIDO.
Simple change of architecture turns the model upside down.
The only thing now that is stored on a server are the public keys, which aren’t useful for scalable attack.
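The two steps in these notes as a runnable sketch, added here as an illustration and not taken from the deck or from any FIDO Alliance code. It models the idea only (local user verification, one key pair per service, a signed challenge checked against a stored public key), not the WebAuthn/CTAP message formats; the class names, the PIN and the `.example` hosts are assumptions.

```javascript
// Added illustration: simplified model of the two steps in the notes.
// All names (Authenticator, Service, runDemo) and sample values are constructed.
const crypto = require('node:crypto');

class Authenticator {
  constructor(localPin) {
    this.localPin = Buffer.from(localPin); // checked on the device only
    this.privateKeys = new Map();          // serviceId -> private key, never exported
  }

  // Step 1: user verification is a local check between user and authenticator.
  verifyUser(pin) {
    const given = Buffer.from(String(pin));
    return given.length === this.localPin.length &&
      crypto.timingSafeEqual(given, this.localPin);
  }

  // Registration: a fresh key pair per service; only the public half leaves.
  register(serviceId, pin) {
    if (!this.verifyUser(pin)) throw new Error('user verification failed');
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.privateKeys.set(serviceId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }

  // Step 2: prove possession of the private key by signing the challenge.
  signChallenge(serviceId, challenge, pin) {
    if (!this.verifyUser(pin)) throw new Error('user verification failed');
    const key = this.privateKeys.get(serviceId);
    if (!key) throw new Error('no credential for this service');
    return crypto.sign('sha256', challenge, key);
  }
}

class Service {
  constructor(id) {
    this.id = id;
    this.publicKeys = new Map(); // user -> PEM public key: all the server stores
    this.pending = new Map();    // user -> outstanding challenge
  }

  enroll(user, pem) { this.publicKeys.set(user, pem); }

  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }

  verifyLogin(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user); // a challenge is accepted once
    if (!challenge || !pem) return false;
    return crypto.verify('sha256', challenge, pem, signature);
  }
}

function runDemo() {
  const device = new Authenticator('4821');
  const bank = new Service('bank.example');
  const shop = new Service('shop.example');
  const bankPem = device.register(bank.id, '4821');
  const shopPem = device.register(shop.id, '4821');
  bank.enroll('alice', bankPem);
  shop.enroll('alice', shopPem);

  // Normal login, then the same signature presented a second time.
  const sig = device.signChallenge(bank.id, bank.newChallenge('alice'), '4821');
  const login = bank.verifyLogin('alice', sig);
  const replay = bank.verifyLogin('alice', sig);

  // The key registered for the shop is of no use at the bank.
  const crossSig = device.signChallenge(shop.id, bank.newChallenge('alice'), '4821');
  const crossService = bank.verifyLogin('alice', crossSig);

  // Without the local gesture the authenticator refuses to sign at all.
  let wrongPin = 'signed';
  try {
    device.signChallenge(bank.id, bank.newChallenge('alice'), '0000');
  } catch (e) {
    wrongPin = e.message;
  }

  return { login, replay, crossService, wrongPin, distinctKeys: bankPem !== shopPem };
}

console.log(runDemo());
```

The server-side maps hold public keys and short-lived challenges only, so a dump of `Service` state gives an attacker nothing that can be used to sign in.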
We surveyed 2k people across the US and UK and found that people continue to struggle with traditional passwords
As these struggles continue, more consumers are aware of passkeys and trying them out as a password alternative.
The data reveals a positive trend: when people adopt at least one passkey, they are more likely to enable the technology on other applications to improve convenience and security online
Last Thursday was World Password Day. We just spent all this time talking about passkeys, and yet we’re still celebrating a holiday focused on passwords. We are constantly asked “When will we REALLY kill the password?” The answer is: When the use of passkeys outweighs the use of passwords. Ok, but when will that be? [CLICK]
This year we are another step closer to that goal. Microsoft rolled out passkeys to all of its user accounts. [CLICK]
And Google shared an incredible update that more than 400 MILLION accounts are now protected by passkeys – and passkeys have been used more than 1 BILLION times.
Not to mention countless other FIDO Members who launched data, news, and campaigns promoting their successes and endorsements of passkeys.
At this point I think it’s safe to say we’re ready to ditch World PASSWORD day in favor of something new - [CLICK] World PASSKEY Day. We look forward to seeing you all celebrate and launch campaigns around that one next year.
But overall, the progress with passkeys has been nothing short of phenomenal
It started with PayPal and a few other services in Q4, and then really picked up steam as passkey support was live across Google platforms by early 2023.
To the point now where we have brands such as these – and surely many more – that are all moving their consumers away from passwords, and towards passkeys.
These are some of the brands that are already enabling passkey sign-ins. These include leading payment and ecommerce services, telecom and more.
Perhaps most notably, Google a few months ago enabled anyone with a Google account to enroll a passkey associated with that account. That means that billions of consumers now have the ability to use passkeys instead of passwords for Google services such as Gmail - and also for sites that support Google social sign-in.
Look in the news and you’ll see passkeys reaching far and wide in the industry. Deployments and commitments, products, services. Even password managers, who many thought would be displaced by this development, are embracing it and making it their new business model.
FIDO has provided ROI since its earliest implementations, and synched passkeys fully unlock that capability at scale.
- several case studies this week where you can hear directly from practitioners, but some examples include [click]
Air New Zealand [click]
This data from Google: passkeys instead of passwords for google account. They are seeing four times the sign in success vs passwords. 4x. And in half the time [click]
Mercari is using passkeys as an MFA improvement over SMS OTP – they’re finding 21% sign-in improvement with a 75% time reduction [click]
And of course FIDO is used extensively in the workforce –
- HYPR /Forrester study found over 300% ROI due to massive reduction of password utilization
- which led to higher employee productivity.
CDS – Canadian Digital Services
We also need to reframe the way regulators contemplate authentication
EVERYONE’s frame of reference has always been to figure out how to mitigate the fundamental weakness of passwords – passkeys present a whole new paradigm for authentication
And we’re grateful that NIST is considering synced credentials for 800-63-4 – and we’ll be undertaking similar efforts with key regulations o
We are expecting that as PSD2 is revised, we will have more to report on ways to address compliance and hope to continue to have the opportunity to share updates and engage.
We hope that DG FISMA will consider the importance of phishing-resistant authentication in any PSD2 revision – as well as consider alternative authentication models in SCA requirements that can enable better security and better user experience.
Zooming back out, we realize that “identity” = more than just authentication
It really starts with enrollment – and we need that to be possession-based as well. Specifically, replacing knowledge-based authn with possession-based approaches that leverage certified doc authn and liveness detection.
And we know that recovery is a major vector for ATOs