Here?s to FIDO Alliance: In Praise of Authentication Protocols

At RSA, we take our commitment to delivering “Authentication Your Way” very seriously. After all, the more choices of authentication methods available to you, the easier it’s going to be to find exactly the right ones to meet your business needs and match your users’ preferences. That’s why we’re excited about working with the Fast Identity Online (FIDO) Alliance to develop and promote the adoption of innovative new authentication standards and capabilities.

The FIDO Alliance’s mission is, in its own words, to “change the nature of online authentication,” largely through technology that allows organizations to rely less on passwords for authentication. The alliance offers different types of user experiences to meet a variety of needs; RSA SecurID® Access supports the FIDO Second Factor Experience using FIDO Universal Second Factor (U2F) authenticators. It allows enterprises to add a strong second authentication factor to their existing password infrastructures in order to secure access to their on-premises and cloud applications.

Enabling More Choices for RSA Customers
We’re committed to offering RSA customers more ways for users to authenticate to resources, and we’re pleased that the FIDO Alliance enables us to provide yet another authentication choice in addition to push to approve, biometrics, SMS and proximity authentication, as well as hardware and software tokens. RSA SecurID Access determines which methods users are allowed to use for any particular access attempt based on risk assessment and customer defined policies. The FIDO Second Factor Experience is a particularly compelling choice for organizations with partners and independent contractors who need secure access to sensitive resources and data, because it provides the option for external users to easily source authentication tokens and self-register them for use.

Making Public Key Cryptography Practical
Technology specifications developed by the FIDO Alliance make it possible to easily incorporate strong public key cryptography in large-scale consumer applications. Not surprisingly, companies in consumer banking and payments were among the first adopters, along with insurance and healthcare organizations. Now, these specifications are increasingly being adopted for other use cases where security and scalability are high priorities.

FIDO-based transactions are attractive because they’re securely encoded and rely on cryptographic keys that stay on the user’s device, so they’re not vulnerable to server-side credential theft. By design, the FIDO protocol protects against phishing, man-in-the-middle and replay attacks. Additionally, it is compatible with existing federation and single sign-on (SSO) protocols such as SAML and OpenID Connect. Organizations that invested in federation protocols for business-to-employee (B2E) and business-to-business (B2B) scenarios can take advantage of FIDO specifications to offer stronger and easier means of authenticating users.

An Evolving Set of Authentication Solutions
In addition to the FIDO Second Factor Experience, the FIDO Alliance also offers the FIDO Passwordless Experience, a biometric option based on the Universal Authentication Framework (UAF) protocol. The next evolution of the technology is the FIDO2 standard the alliance is developing in collaboration with the World Wide Web Consortium (W3C) standards organization. FIDO2 will offer even broader browser support. As a result, many major platform and browser vendors, including Google, Microsoft and Mozilla, will soon be introducing new authentication options based on FIDO2 and W3C standards in their browsers and other core products.

As a market leader in multi-factor authentication, RSA is committed to supporting the new FIDO2 standard and providing best practices for FIDO deployment in the enterprise. As a member of the FIDO Alliance Board and chair of its Enterprise Adoption Sub-Group (EASG), I’m personally committed to these goals. I invite you to learn more about FIDO authentication in your own enterprise by viewing Integrating FIDO Authentication and Federation Protocols: Best Practices for Enterprise Deployment, a webinar I recently conducted in association with the FIDO Alliance.


*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Salah Machani. Read the original post at: