Executive Director and Chief Marketing Officer of FIDO Alliance, Andrew Shikiar updates viewers on the State of FIDO.

1. The State of FIDO
IDENTIVERSE
June 26, 2019
Andrew Shikiar
Executive Director & CMO
FIDO Alliance

2. In the beginning
FIDO in today’s ecosystem
The future of FIDO Authentication

3. In the beginning

4. + Sponsor members + Associate members + Liaison members
An industry movement to solve the
password problem

5. (Not) breaking news: Passwords suck
credentials
stolen in
2017 alone
(Shape Security)
2.3 billion
cost to U.S.
businesses
each year
(Shape Security)
$5 billion
36% rise
in phishing
attacks
in 2018
(Webroot)
1,244
breaches in 2018, a 126% jump
in exposed records containing PII
(Identity Theft Resource Center 2018 Breach Report)
51%
of passwords
are reused
across services
(University of Oxford)
collectively spent by
humans each day entering
passwords
(Microsoft)
1,300 years
e-commerce sites’
attempted log-ins
are compromised
by stuffing
(Shape Security)
80-90%
Password-driven cart
abandonment rate
(Visa)
49%
Of IT leaders re-use a
single password
(Sailpoint)
55%
Of helpdesk calls are
for password resets
(Forrester)
20-50%

6. (Not) breaking news: Passwords suck
credentials
stolen in
2017 alone
(Shape Security)
2.3 billion
cost to U.S.
businesses
each year
(Shape Security)
$5 billion
36% rise
in phishing
attacks
in 2018
(Webroot)
1,244
breaches in 2018, a 126% jump
in exposed records containing PII
(Identity Theft Resource Center 2018 Breach Report)
51%
of passwords
are reused
across services
(University of Oxford)
collectively spent by
humans each day entering
passwords
(Microsoft)
1,300 years
e-commerce sites’
attempted log-ins
are compromised
by stuffing
(Shape Security)
80-90%
Password-driven cart
abandonment rate
(Visa)
49%
Of IT leaders re-use a
single password
(Sailpoint)
55%
Of helpdesk calls are
for password resets
(Forrester)
20-50%
OF PEOPLE HAVE FELT STRESSED OR ANNOYED
AS A RESULT OF FORGETTING THEIR PASSWORD
(Okta)
62%

7. Risk-BasedStrong
Modern Authentication
H3a4
Device & User Verification
and Onboarding
Authentication
Federation
Passwords
A narrow scope to address the problem
Single
Sign-On

8. Industry imperative: Simpler and
stronger
Security
Usability
Poor Easy
WeakStrong
=
Single Gesture
Possession-based Authentication
Open standards for simpler,
stronger authentication using
public key cryptography

9. Backed by certification
• Ensures conformance & interoperability
• Rapid growth (600+ certified solutions) shows vendor
coalescence around FIDO
• Helps service providers realize benefit of open standards

10. • 85,000+ employees
• 0 successful ATOs from phishing since
rollout of FIDO Security Keys in 2017
First mobile network operator to deploy FIDO
Authentication, enabling a passwordless
future for 78 million users in Japan.
OTHER DEPLOYMENTS (sample)
Adoption & growth – case studies
Friday 10:30 – 11:20 Georgetown
Our panel of experts will share their experiences of deploying
FIDO solutions at scale. Come and find out how it’s done!
MFA for Real – Reports from the Field

11. The next step for mass adoption (2015)
Make FIDO a standard feature across browsers, platforms & devices

12. The next step for mass adoption (2015)
Make FIDO a standard feature across browsers, platforms & devices
+

13. The web standard for strong authentication (2019)
FIDO2
CTAP WebAuthn

14. FIDO in today’s ecosystem

15. FIDO2 cross-platform support
Hello

16. Security
Certification
Biometric
Certification
Assure that Authenticator Secrets
are safe on All FIDO Implementation
Types based on Third-Party Laboratory
verification of FIDO Security
Requirements in coordination with
existing Security Programs
First of its kind program to
empirically validate biometrics
through Third-Party Labs
and assure that they Correctly
Identify Users Regardless of
Biometric Modality on All FIDO
Implementation Types
FIDO2
Certification
Measure compliance and ensure
interoperability among products and
services that support FIDO2.
Launch of new certification programs

17. Standardization across other
organizations
WebAuthn meets
W3C Final
Recommendation
FIDO CTAP and
FIDO UAF are
ITU standards
ISO 27553,
29115 engagement

18. FIDO2 deployments (sample)

19. The future of FIDO Authentication

20. Informational
materials
Further enabling the ecosystem
Focus: Developer community
Developer
library
Workshops Hackathons

21. InternetofThingsIDVerification
Still… gaps in adjacent areas need to be
filled for FIDO mission to be realized
Only 9% of companies warn
employees about IoT risks
6 ways smart devices can
be hacked
Hackers used new weapons to
disrupt major websites across U.S.
How to protect your business
from account takeover attacks:
3 tips
Third party data breach
hits Quest Diagnostics with
12 million confidential patient
records exposed
Here’s the best way to protect your
accounts from hacker takeovers

22. Our plan to fill these gaps: new work areas
Device & User Verification
and Onboarding
Authentication
Federation
Single
Sign-On
Strengthen identity verification assurance
to support better account recovery
Automate secure device onboarding to
remove password use from IoT.

23. MISSION:
Provide authoritative guidance and solution certification programs for possession-based
identity verification procedures. This includes (but is not limited to) government-issued
identity document authentication and biometric “selfie” matching.
ACTIVITIES:
IDWG will:
• Define criteria for solution performance
• Collaborate with the FIDO Certification Working Group
(CWG) and Certification Secretariat to deploy a program
to support the adoption of that criteria
• Produce best practices and market awareness
New work areas
Identity Verification and Binding Working Group (IDWG)

24. MISSION:
Provide a comprehensive authentication framework for IoT devices in keeping with the
fundamental mission of the FIDO Alliance – passwordless authentication.
ACTIVITIES:
Develop use cases, target architectures, and specifications covering the following topics:
• IoT Device Attestation/Authentication profiles to enable interoperability between relying
parties and IoT devices
• Automated onboarding, and binding of applications and/or users to IoT devices
• IoT device authentication and provisioning via smart routers and IoT hubs
• Gap analysis and extensions/modifications (where necessary) of existing FIDO specifications
related to IoT authentication, platforms and protocols
New work areas
IoT Technical Working Group (IoT TWG)

25. The Future of User Authentication
FIDO Authentication is the industry’s answer to the password problem
INDUSTRY SUPPORT
FIDO represents the
efforts of some of the
world’s largest
companies whose very
businesses rely upon
better user
authentication
THOUSANDS OF
SPEC DEVELOPMENT
HOURS
Now being realized in
products being used
every day
ONGOING
INNOVATION
Specifications,
certification programs,
and deployment
working groups
establishing best
implementation
practices
ENABLEMENT
Leading service
providers representing
billions of user
identities are already
FIDO-enabling their
authentication
processes

26. Get involved in the FIDO ecosystem
@FIDOALLIANCE
WWW.FIDOALLIANCE.ORG
Andrew Shikiar
andrew@fidoalliance.org