GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication
For IT leaders, passwords no longer cut it. They’re expensive, difficult for employees to keep track of, and easy for hackers to utilize in cyberattacks. So why are they still around?
Related: IT pros support passwordless access
This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. And for businesses, transitioning to new authentication solutions can be expensive and time-consuming.
That’s why the work of the FIDO Alliance is essential. They are working to enable the transition away from passwords with open standards that are more secure than passwords or SMS OTPs, and easier for IT teams to deploy and for end users to manage.
Lowering password use
The FIDO Alliance is an open industry association with the mission of reducing our reliance on passwords. It supports standards that make implementing newer, stronger authentication methods possible for businesses.
As part of this mission, the FIDO Alliance has published three sets of authentication specifications: FIDO Universal Second Factor, FIDO Universal Authentication Framework, and FIDO2. FIDO2 has become a major focus for IT leaders on their transition to passwordless. It enables end users to authenticate to online sites and applications both on mobile and desktop through WebAuthn and CTAP.
FIDO2 is highly secure, utilizing cryptographic keys to ensure user privacy across websites and eliminate the risks of phishing or password theft. It’s also convenient thanks to multi-factor authentication – IT teams can require their users to log in with biometrics, mobile authentication, or FIDO security keys such as YubiKeys.
Audebert
FIDO2 is highly valuable for the authentication landscape in part because it encourages the use of strong embedded credentials that improve the user experience while providing high levels of security.
These embedded credentials are integrated into a user’s phone or workstation, so they don’t require a separate device. They are increasingly popular due to their convenience for users, the reduced likelihood that they are misplaced or stolen, and their low cost compared to other credential options.
Why join the Alliance
Here at Axiad, we are thrilled to officially join the FIDO Alliance. Our vision to make passwordless simple for our enterprise customers is realized by their standards and their support. We know that passwordless authentication is a goal of many IT leaders, but can be challenging if solutions are not user-friendly. The FIDO2 standard will help enterprises put the focus back on their users and support them with simple and secure credentials.
While these FIDO2 credentials are essential for passwordless, the standard doesn’t yet resolve all the authentication issues for today’s enterprise. With machines and devices on a business’s network rapidly growing, it’s essential to verify each of these identities. As digital communication such as email and virtual document signing have increased, digital signature to secure these interactions is also required. Today these additional authentication needs can’t be addressed with FIDO2.
We’re eager to partner with the FIDO Alliance to show the value of a complementary FIDO2 and PKI deployment. PKI allows businesses to authenticate users, machines, and interactions, which means that those gaps in FIDO2 can be secured by PKI technology. At Axiad we offer PKI as a Service as part of our Axiad Cloud platform – this makes PKI simple to deploy and manage without requiring additional IT expertise or on-premises support.
With FIDO2 embedded credentials, additional FIDO2 solutions like YubiKeys, and PKI certificates, many businesses end up with a patchwork of different identity credentials to fully replace passwords. This can be complex for their IT team to deploy and their end users to keep track of. Even if each credential is FIDO2 compliant and easy to use once it’s issued, it can still be frustrating to maintain different platforms for every credential.
This is where our Axiad solution comes in to support users with a smooth transition to passwordless. Axiad Cloud allows users to manage all their credentials in one place – no more switching between platforms, no more hunting in their email for the right link. At Axiad, we want employees to focus on their work and creating value, not struggling with authentication issues. By joining the FIDO Alliance, we look forward to working with our fellow members to make passwordless simple for every user.
About the essayist: Yves Audebert is the Founder, Chairman and Co-CEO of Axiad, a leading provider of cloud-based passwordless authentication and secure interactions for users and machines based in Santa Clara, Calif.
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-why-the-fido-alliance-is-essential-to-moving-forward-to-passwordless-authentication/
