Passwords are dying and for good reason: passwords are every organization’s weak link but despite that, many companies still rely on them from a security and operational perspective. With 90% of incidences and security breaches consisting of a phishing element, multi-factor, passwordless authentication is no longer an option — it’s a necessity.
In addition to their inherent security risks, passwords are a drain on the bottom line and productivity. Password resets cost companies an average of $70 each, while 20% to 50% of all help desk calls are for password resets. But as the long-touted dream of a passwordless future has failed to come to fruition, many are left wondering, what exactly are the components of an effective passwordless solution? The answer? FIDO.
What Is FIDO and How Does It Work?
FIDO2 is the term for FIDO Alliance’s newest set of specifications. FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. The FIDO2 specifications are the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).
How Does FIDO Work?
During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a user inserting a uTrust FIDO2 Security Key or pressing the NFC button on the security key.
Top Ten Reasons to Trust FIDO
- Based on public-key cryptography (keys stay on the device)
- No server-side shared secrets to steal
- Protects against phishing, man-in-the-middle, and replay attacks
- No linkability between services or accounts and no third party in the protocol
- Lower development/maintenance costs and little-to-no provisioning costs
- Faster time to market, user-friendly, and future-proof
- Lower breach risks, potential damages, and password reset costs
- Supports both contact (USB A/C) and contactless (NFC) use cases
- Multi-protocol FIDO U2F, FIDO2, smart card (PIV), and OTP support
- Trade Agreements Act (TAA)-compliant and made in the U.S.A.
Instituting FIDO opens the door for organizations to marry security priorities with user experience: while many IT teams express frustration at employees using the same password across several applications, employees often chafe at having to remember multiple passwords that must be changed often. FIDO allows for better security and eliminates passwords, a win-win for all involved.
Whether you’re an individual, business, or government entity deploying access control, Identiv FIDO solutions can help. Learn more about Identiv’s uTrust FIDO2 Security Keys and contact us today at firstname.lastname@example.org or +1.888.809.8880.