Updates & Overview

FIDO ALLIANCE: UPDATES & OVERVIEW

BRETT MCDOWELL EXECUTIVE DIRECTOR

FIDO board members include leading global brands and technology providers

+ SPONSOR MEMBERS + ASSOCIATE MEMBERS + LIAISON MEMBERS

2 All Rights Reserved | FIDO Alliance | Copyright 2017 THE WORLD HAS A PASSWORD PROBLEM 81% Data breaches in 65% 2016 that involved Increase in 1,093 weak, default, or phishing attacks Breaches in 2016, 1 stolen passwords over the number of a 40% increase attacks recorded over 20153 in 20152

CLUMSY | HARD TO REMEMBER | NEED TO BE CHANGED ALL THE TIME

1Verizon 2017 Data Breach Report |2Anti-Phishing Working Group | 3Identity Theft Resource Center 2016

ONLINE CONNECTION

The user authenticates themselves online by presenting a human-readable “shared secret”

LOCAL CONNECTION

The user authenticates “locally” to their device (by various means)

The device authenticates the user online using public key cryptography

ONLINE CONNECTION

Reduces reliance on Single gesture Works with commonly Same authentication Fast and convenient complex passwords to log on used devices on multiple devices

Based on public No link-ability between key cryptography services or accounts

Biometrics, if used, Keys stay never leave device on device

No server-side No 3rd party in shared secrets the protocol

343 304

253 216 254

162

108 74 62 89 32

Apr-15 Jul-15 Sep-15 Dec-15 Mar-16 May-16 Aug-16 Dec-16 May-17

AVAILABLE TO PROTECT 3.5 BILLION+ ACCOUNTS WORLDWIDE

FIDO 1.1 CTAP* WebAuthn* (FIDO UAF (FIDO) (FIDO+W3C) FIDO U2F)

World Wide Web Consortium (W3C) developing a Web Authentication specification based on 3 FIDO Alliance technical Standard web API enables specifications web apps to move beyond passwords and offer FIDO strong authentication Sets model for native across all web browsers platforms to follow and web platforms

• CTAP expands browsers and operating systems ability to talk to external authenticators like USB keys, NFC and Bluetooth-enabled devices

• Use a wearable or mobile device, for example, to log in to a computer, tablet, IoT device, etc.

• Removes requirement to re-register on every device

FIDO standards provide support for user-friendly, privacy-aware user experiences across platforms to meet varying requirements

PASSWORDLESS EXPERIENCES SECOND FACTOR EXPERIENCES • Biometrics authn via mobile device • External token to PC (USB, BLE) • Biometric authn via PC • External token to mobile device (NFC/BLE) • Biometrics authn to PC via mobile device • Embedded second factor on PC

FIDO specifications offer governments newer, better options for strong authentication – but governments may need to update some policies to support the ways in which FIDO is different

POLICY CHANGES ARE HAPPENING TODAY: Example 1: U.S. NIST/OMB guidance Example 2: European Banking Authority’s PSD2 Example 3: e-IDAS Example 4: Taiwan’s Guideline for e-Banking Security Control Example 5: South Korea

As technology evolves, policy needs to evolve with it.

Build FIDO Certified Solutions Deploy

Join the Alliance Take Part in FIDO Events

www.fidoalliance.org

BRETT MCDOWELL, EXECUTIVE DIRECTOR [email protected]