FIDO in Practice

FIDO2: The Train is Leaving the Station

The FIDO Alliance is working to change the nature of authentication with open standards that are more secure than passwords, simpler for consumers to use, and easier for service providers to deploy and manage. While initially focused on the consumer space FIDO2 holds advantages for the enterprise willing to break the mould on legacy authentication models.

This session will look at the components of a FIDO2 environment and investigate the options for FIDO deployments. A view of the possible future of FIDO will be discussed.

Enforce a faster sign-in with Biometrics and Pin – even for legacy apps of a DAX company

Join this session if you want to learn how a globally operating science and technology company introduced a faster and phishing-resistant sign-in – driven by the open-industry standard FIDO.

Employees use Biometrics or Pin, instead of Password & SMS, Call or App.

A “Detached Authentication” feature enables apps without FIDO/WebAuthn support and allow us to globally enforce the phishing-resistant sign-in – without fallback to other MFA methods.

Identity Verification is required for the registration and recovery of Biometrics or Pin. SaaS or self-developed identity verification methods can be used and combined.

The infrastructure for authentication and registration of Biometrics and Pin runs in a self-hosted environment. It allows us to stay true to our principles: Own Identities, Credentials and Authentication.

# What makes it unique

• Biometrics or Pin of laptop & mobile phones for sign-in, Security Keys only for special use cases
• Chained Identity Verification for registration & recovery of Biometrics and Pin
• “Detached Authentication” for applications without WebAuthn-support
• Global enforcement of Biometrics and Pin, without fallback to SMS, Call or App
• Self-hosted credentials and authentication available for multiple IdPs

FIDO for the Enterprise - Challenges & Rewards