FIDO & Passkeys
Combined Session
Friday, June 07, 2024 10:30—11:30
Location: A 05-06
Friday, June 07, 2024 10:30—11:30
Location: A 05-06
FIDO has appeared as a savior for the authentication world, often touted as the gold standard in terms of phishing-resistant MFA, while also offering a more convenient user experience. However, the global adoption by large organizations has been rather slow. Our discussions with some large organizations reveal their concerns around FIDO authenticators' lifecycle that prevents these organizations from fully embracing FIDO as their de facto method of phishing-resistant MFA.
Join us in this session to learn:
- What challenges are faced by IT leaders to deploy FIDO keys in their organization
- What new standards such as CTAP 2.1 bring to the organizations
- How to go beyond the standard: what are the best practices to efficiently and securely deploy and manage your fleet of FIDO keys in the field
In the realm of modern authentication, FIDO and passkeys have launched a new paradigm that is both practical and transformative. Passkey providers have seamlessly integrated the capability to synchronize passkeys across various devices, extending their reach even to different device families. Users enjoy default implementations of passkey providers with each new device, empowering relying parties to leverage passkeys across the multitude of devices.
In contrast, relying parties cannot assume the universal presence of identity wallet functionality on the typical devices used by their customers.
Given the three-year device switch cycle and the concurrent use of multiple devices, cloud storage services have efficiently addressed the migration of standard data between devices. While these services generally have access to data in the clear, they implement safeguards to prevent inadvertent disclosure.
Passkey providers not only synchronize passkeys but also implement robust recovery methods, crucial for scenarios involving the loss or theft of all devices. Similarly, identity wallets, tasked with managing verifiable identity attributes and associated secrets, necessitate safeguards akin to those implemented by passkey providers.
This webinar explores the similarities and differences between passkey providers and identity wallets, offering valuable insights into what identity wallets can glean from the proven methodologies of passkeys.
As part of the revision of the EU common identity framework regulation, also known as eIDAS 2.0, EU Member States will all soon implement a new common structure for electronic credentials based on digital identity wallets. This includes the development of a European Digital Identity (EUDI) wallet.
This wallet can be implemented as a web wallet running in a browser. This means a smartphone is not required to use the wallet – making it inclusive and independent of app stores and phone vendors. Instead of using native APIs to protect cryptographic keys, this web wallet can use FIDO security keys to secure the wallet.
FIDO is a natural fit to secure digital wallets as users are becoming more and more familiar with its associated registration and sign in flows now many websites have adopted passkeys as a means to access their services.
In this session, we will discuss how the wallet works, how FIDO is used to protect the wallet, highlight current use cases of how the wallet is being used by EU member states, and how this model can be replicated in other countries around the world.
