SlideShare a Scribd company logo
1 of 23
Download to read offline
© FIDO Alliance 2024
1 © FIDO Alliance 2024 Confidential
1
Passkey Providers and
Enabling Portability
Rew Islam, Dashlane
© FIDO Alliance 2024
2
Rew Islam
Dashlane
Co-chair of the FIDO Credential Provider
Special Interest Group
FIDO Board Member representative
Working on all things passwordless
© FIDO Alliance 2024
3
© FIDO Alliance 2024
4
Chat:
BadActor6324: Hey
InnocentVictim234: Hello
BadActor6324: Do you want a free upgrade?
InnocentVictim234: Errr… ok… why not…
BadActor6324: Try this, it works! https://www-
roblox.com/upgrade
InnocentVictim234: Lemme try…
© FIDO Alliance 2024
5
© FIDO Alliance 2024
6
roblox.com
www-roblox.com
😱 😭
© FIDO Alliance 2024
7
7
✅ No shared secrets
✅ Origin binding
✅ Universal availability
© FIDO Alliance 2024
8
© FIDO Alliance 2024
9
Flavours of passkeys 🍦
Synced passkeys Local device passkeys Security Keys
© FIDO Alliance 2024
10
Flavours of passkeys 🍦
Synced passkeys Local device passkeys Security Keys
Third party providers
iCloud Keychain
Google Password
Manager
Windows Hello
(Chrome on macOS)
Yubikeys
Thales SafeNet keys
Google Titan keys
© FIDO Alliance 2024
11
Credential providers Platform vendors Security keys
Passkey providers 📦
© FIDO Alliance 2024
12
Platform pluggability
iOS, macOS (Safari)
Android
Browser extensions
Chrome
Firefox
Edge
© FIDO Alliance 2024
13
Export Import
© FIDO Alliance 2024
14
© FIDO Alliance 2024
15
All credential providers allow export/import of passwords
⚠️ Export file is in plaintext
⚠️ No agreed format
⚠️ No support for synced passkey export today
Credential portability today
© FIDO Alliance 2024
16
⏺ Accommodate both consumer and enterprise use cases
⏺ Export must be encrypted
⏺ Common data format
Enterprise
Consumer
Design goals
© FIDO Alliance 2024
17
Inspired by
Diffie–Hellman
key exchange
Secret Secret
© FIDO Alliance 2024
18
9:42 🔋📶
Import passwords and
passkeys from another
provider
Import
Skip
9:42 🔋📶
Import passwords and
passkeys from another
provider
Import
Skip
Import from
1Password
Another device…
Dashlane
9:42 🔋📶
Do you want to export
your passwords ?
Export
Skip
9:42 🔋📶
Your passwords and
passkeys were imported
successfully!
Close
1 2 3 4
© FIDO Alliance 2024
19
9:42 🔋📶
Import passwords and
passkeys from another
provider
Import
Skip
Import from
1Password
Another device…
Dashlane
⏺ Export encrypted ✅
⏺ Common data format ✅
⏺ Accommodates enterprise use cases ✅
Secure credential portability standards
© FIDO Alliance 2024
20
Exchange Data
Format
Credential
Exchange Protocol
Secure credential portability standards
© FIDO Alliance 2024
21
21
Phishing Passkey flavours
&
provider
landscape
Secure
migration
Wrap up…
🍦
🍦
🍦
© FIDO Alliance 2024
22 © FIDO Alliance 2024 Confidential
22
Questions & Answers
© FIDO Alliance 2024
23 © FIDO Alliance 2024 Confidential
23
Thank you

More Related Content

Similar to Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
FIDO Alliance
 

Similar to Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx (20)

Webinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA SessionWebinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA Session
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDO
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
 
GameLab - Developing Crossplatform Games in HTML5 and Java
GameLab - Developing Crossplatform Games in HTML5 and JavaGameLab - Developing Crossplatform Games in HTML5 and Java
GameLab - Developing Crossplatform Games in HTML5 and Java
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO Authentication
 
“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication
 
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
 
Tokyo Seminar: FIDO Alliance Vision and Status
Tokyo Seminar: FIDO Alliance Vision and StatusTokyo Seminar: FIDO Alliance Vision and Status
Tokyo Seminar: FIDO Alliance Vision and Status
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
FIDO Alliance Vision and Status
FIDO Alliance Vision and StatusFIDO Alliance Vision and Status
FIDO Alliance Vision and Status
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
FIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
FIDO2 : vers la fin des mots de passe ? - Par Arnaud JumeletFIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
FIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
 
Protecting IDAAS with FIDO Authentication
Protecting IDAAS with FIDO AuthenticationProtecting IDAAS with FIDO Authentication
Protecting IDAAS with FIDO Authentication
 

More from LoriGlavin3

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
LoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
LoriGlavin3
 

More from LoriGlavin3 (7)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
FIDO Securty Key UX Guidelines Webinar Sept 2022.pptx
FIDO Securty Key UX Guidelines Webinar Sept 2022.pptxFIDO Securty Key UX Guidelines Webinar Sept 2022.pptx
FIDO Securty Key UX Guidelines Webinar Sept 2022.pptx
 

Recently uploaded

“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
Muhammad Subhan
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 

Recently uploaded (20)

“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

  • 1. © FIDO Alliance 2024 1 © FIDO Alliance 2024 Confidential 1 Passkey Providers and Enabling Portability Rew Islam, Dashlane
  • 2. © FIDO Alliance 2024 2 Rew Islam Dashlane Co-chair of the FIDO Credential Provider Special Interest Group FIDO Board Member representative Working on all things passwordless
  • 4. © FIDO Alliance 2024 4 Chat: BadActor6324: Hey InnocentVictim234: Hello BadActor6324: Do you want a free upgrade? InnocentVictim234: Errr… ok… why not… BadActor6324: Try this, it works! https://www- roblox.com/upgrade InnocentVictim234: Lemme try…
  • 6. © FIDO Alliance 2024 6 roblox.com www-roblox.com 😱 😭
  • 7. © FIDO Alliance 2024 7 7 ✅ No shared secrets ✅ Origin binding ✅ Universal availability
  • 9. © FIDO Alliance 2024 9 Flavours of passkeys 🍦 Synced passkeys Local device passkeys Security Keys
  • 10. © FIDO Alliance 2024 10 Flavours of passkeys 🍦 Synced passkeys Local device passkeys Security Keys Third party providers iCloud Keychain Google Password Manager Windows Hello (Chrome on macOS) Yubikeys Thales SafeNet keys Google Titan keys
  • 11. © FIDO Alliance 2024 11 Credential providers Platform vendors Security keys Passkey providers 📦
  • 12. © FIDO Alliance 2024 12 Platform pluggability iOS, macOS (Safari) Android Browser extensions Chrome Firefox Edge
  • 13. © FIDO Alliance 2024 13 Export Import
  • 14. © FIDO Alliance 2024 14
  • 15. © FIDO Alliance 2024 15 All credential providers allow export/import of passwords ⚠️ Export file is in plaintext ⚠️ No agreed format ⚠️ No support for synced passkey export today Credential portability today
  • 16. © FIDO Alliance 2024 16 ⏺ Accommodate both consumer and enterprise use cases ⏺ Export must be encrypted ⏺ Common data format Enterprise Consumer Design goals
  • 17. © FIDO Alliance 2024 17 Inspired by Diffie–Hellman key exchange Secret Secret
  • 18. © FIDO Alliance 2024 18 9:42 🔋📶 Import passwords and passkeys from another provider Import Skip 9:42 🔋📶 Import passwords and passkeys from another provider Import Skip Import from 1Password Another device… Dashlane 9:42 🔋📶 Do you want to export your passwords ? Export Skip 9:42 🔋📶 Your passwords and passkeys were imported successfully! Close 1 2 3 4
  • 19. © FIDO Alliance 2024 19 9:42 🔋📶 Import passwords and passkeys from another provider Import Skip Import from 1Password Another device… Dashlane ⏺ Export encrypted ✅ ⏺ Common data format ✅ ⏺ Accommodates enterprise use cases ✅ Secure credential portability standards
  • 20. © FIDO Alliance 2024 20 Exchange Data Format Credential Exchange Protocol Secure credential portability standards
  • 21. © FIDO Alliance 2024 21 21 Phishing Passkey flavours & provider landscape Secure migration Wrap up… 🍦 🍦 🍦
  • 22. © FIDO Alliance 2024 22 © FIDO Alliance 2024 Confidential 22 Questions & Answers
  • 23. © FIDO Alliance 2024 23 © FIDO Alliance 2024 Confidential 23 Thank you