
Introduction to the FIDO Alliance


All Rights Reserved | FIDO Alliance | Copyright 2017

INTRODUCTION TO THE FIDO ALLIANCE

BRETT MCDOWELL

EXECUTIVE DIRECTOR


AGENDA: THE PROBLEM | THE SOLUTION | THE ECOSYSTEM | THE ROAD AHEAD

THE WORLD HAS A PASSWORD PROBLEM


• 81%: Data breaches in 2016 that involved weak, default, or stolen passwords [1]

• 65%: Increase in phishing attacks over the number of attacks recorded in 2015 [2]

• 1,093: Breaches in 2016, a 40% increase over 2015 [3]

Sources: [1] Verizon 2017 Data Breach Report | [2] Anti-Phishing Working Group | [3] Identity Theft Resource Center 2016

CLUMSY | HARD TO REMEMBER | NEED TO BE CHANGED ALL THE TIME

ONE-TIME PASSCODES

Improve security but aren’t easy enough to use

• Still Phishable

• User Confusion

• Token Necklace

• SMS Reliability


THE “SHARED SECRET” (AKA “WHAT YOU KNOW”) IS BROKEN

WE NEED A NEW AUTHENTICATION MODEL

“WHAT YOU HAVE” (+ “WHAT YOU ARE”)


AGENDA: THE PROBLEM | THE SOLUTION | THE ECOSYSTEM | THE ROAD AHEAD


THE NEW MODEL

Open standards for simpler, stronger authentication using public key cryptography

Fast IDentity Online


THE FACTS ON FIDO

The FIDO Alliance is an open industry association of over 250 organizations with a focused mission: AUTHENTICATION STANDARDS based on public key cryptography to solve the password problem

Today, its members provide the world’s largest ecosystem for standards-based, interoperable authentication

• 300+ FIDO Certified solutions

• 3 BILLION: Available to protect user accounts worldwide


HOW OLD AUTHENTICATION WORKS

ONLINE CONNECTION

The user authenticates themselves online by presenting a human-readable “shared secret”


HOW FIDO AUTHENTICATION WORKS

LOCAL CONNECTION

The user authenticates “locally” to their device (by various means)

ONLINE CONNECTION

The device authenticates the user online using public key cryptography
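The two-step model above, as an added sketch that is not from the original slides: the server stores only a public key, the device signs a fresh challenge after a local unlock, and a captured signature cannot be replayed. Ed25519 and all type and method names are assumptions chosen for brevity; this is not the FIDO message format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Authenticator models the user's device; the private key never leaves it.
type Authenticator struct {
	priv     ed25519.PrivateKey
	Unlocked bool // result of the local step (PIN, fingerprint, ...)
}

// Register creates a key pair and hands only the public key to the server.
func (a *Authenticator) Register() ed25519.PublicKey {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	a.priv = priv
	return pub
}

// Sign answers a server challenge only after the user unlocked the device.
func (a *Authenticator) Sign(challenge []byte) []byte {
	if !a.Unlocked {
		return nil
	}
	return ed25519.Sign(a.priv, challenge)
}

// Server keeps a public key per account instead of a shared secret.
type Server struct {
	Pub     ed25519.PublicKey
	pending []byte
}

// NewChallenge issues a fresh random value for one login attempt.
func (s *Server) NewChallenge() []byte {
	s.pending = make([]byte, 32)
	rand.Read(s.pending)
	return s.pending
}

// Verify checks the signature over the pending challenge, which is single-use.
func (s *Server) Verify(sig []byte) bool {
	ok := s.pending != nil && ed25519.Verify(s.Pub, s.pending, sig)
	s.pending = nil
	return ok
}

func main() {
	dev := &Authenticator{Unlocked: true}
	srv := &Server{Pub: dev.Register()}
	fmt.Println("login ok:", srv.Verify(dev.Sign(srv.NewChallenge())))
}
```

Nothing stored on the server side can be used to log in, which is the difference from the shared-secret model on the previous slide.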


ENHANCED AUTHENTICATION EXPERIENCES

Passwordless Experience | Second Factor Experience

Flexible authentication spanning a variety of service providers


FIDO DELIVERS ON KEY PRIORITIES

Security | Privacy | Interoperability | Usability


AGENDA: THE PROBLEM | THE SOLUTION | THE ECOSYSTEM | THE ROAD AHEAD


HOW TO BUILD AN ECOSYSTEM?

CERTIFICATIONS

MEMBERS & PARTNERS

DEPLOYMENTS

SPECIFICATIONS


250+ MEMBER ORGANIZATIONS GLOBALLY

FIDO board members include leading global brands and technology providers

+ SPONSOR MEMBERS + ASSOCIATE MEMBERS + LIAISON MEMBERS


LIAISON PROGRAM


*NEW* LIAISON PARTNER

To explore the market and technical fits between FIDO Authentication & Mobile Connect

FIDO Specifications

• FIDO 1.1 (FIDO)

• CTAP* (FIDO)

• WebAuthn* (FIDO+W3C)

• UVC* (FIDO+EMVCo)

*FIDO 2 Project: In Development


BY THE NUMBERS: CERTIFICATIONS

[Chart: FIDO certifications over time, rising from 32 in Apr-15 to 343 in May-17]


FIDO IN THE IOS ECOSYSTEM

Supported iOS fingerprint devices

iPhone SE | iPhone & iPhone+ | iPad Pro | iPad Air, Mini


FIDO IN THE ANDROID ECOSYSTEM

S5, Mini; Alpha; Note 4, 5; Note Edge; Tab S, Tab S2; S6, S6 Edge; S7, S7 Edge; Vernee Thor; Xperia Z5 SO-01H; Xperia Z5 Compact SO-02H; Xperia Z5 Premium SO-03H; Mate 8; V10; G5; Phab2 Pro; Phab2 Plus; Z2, Z2 Pro; Xperia X Performance; Xperia XZ; Xperia X Compact SO-02J; Arrows NX; Arrows Fit; Arrows Tab; F-02H; F-04H; F-04G; F-01H; Aquos Zeta SH-01H; SH-03G; SH-02J; MO1T; F-01J


FIDO IN THE WINDOWS + WEB ECOSYSTEMS

Windows Platforms: Yoga 910, Windows 10

Web: Microsoft Edge


FIDO CERTIFIED TOKENS - SAMPLE


SAMPLE: FIDO-ENABLED SERVICES

3 BILLION: AVAILABLE TO PROTECT ACCOUNTS WORLDWIDE


AGENDA: THE PROBLEM | THE SOLUTION | THE ECOSYSTEM | THE ROAD AHEAD


WEB AUTHENTICATION SPECIFICATION BRINGS FIDO TO THE PLATFORM

• World Wide Web Consortium (W3C) developing a Web Authentication specification based on 3 FIDO Alliance technical specifications

• Standard web API enables web apps to move beyond passwords and offer FIDO strong authentication across all web browsers and web platforms

• Sets model for native platforms to follow


CLIENT-TO-AUTHENTICATOR PROTOCOL (CTAP)

• CTAP will enable browsers and operating systems to talk to external authenticators like USB keys, NFC and Bluetooth-enabled devices

• Use a wearable or mobile device, for example, to log in to a computer, tablet, IoT device, etc.

• Removes requirement to re-register on every device


EXTENSION TO WEBAUTHN: USER VERIFICATION CACHING

• Enables convenient on-device FIDO Certified authenticators, such as a fingerprint or “selfie” biometrics

• Securely verifies consumer’s presence when making an in-store or in-app mobile payment

• Provides additional risk management information in order to approve a payment within a given time period

• Reduces the number of times a consumer needs to re-authenticate themselves


FIDO IMPACT ON POLICY

FIDO specifications offer governments newer, better options for strong authentication – but governments may need to update some policies to support the ways in which FIDO is different.

1. Recognize that two-factor authentication no longer brings higher burdens or costs.

2. Recognize technology is now mature enough to enable two secure, distinct auth. factors in a single device.

3. As governments promote or require strong auth., make sure it is the “right” strong auth.

As technology evolves, policy needs to evolve with it.


ADDITIONAL RESOURCES


Membership information: https://fidoalliance.org/membership/

Liaisons: https://fidoalliance.org/participate/liaison/

FIDO Explainer Video: https://youtu.be/0tGk5-4wx-w

Blog: https://fidoalliance.org/category/blog/

Email: [email protected]

Twitter: @FIDOAlliance

Upcoming events:

• https://fidoalliance.org/upcoming-events/


THANK YOU

BRETT MCDOWELL, EXECUTIVE DIRECTOR

[email protected]