All Rights Reserved | FIDO Alliance | Copyright 2017
INTRODUCTION TO THE FIDO ALLIANCE
BRETT MCDOWELL
EXECUTIVE DIRECTOR
AGENDA: THE PROBLEM | THE SOLUTION | THE ECOSYSTEM | THE ROAD AHEAD
THE WORLD HAS A PASSWORD PROBLEM
CLUMSY | HARD TO REMEMBER | NEED TO BE CHANGED ALL THE TIME
• 81%: Data breaches in 2016 that involved weak, default, or stolen passwords [1]
• 65%: Increase in phishing attacks over the number of attacks recorded in 2015 [2]
• 1,093: Breaches in 2016, a 40% increase over 2015 [3]
[1] Verizon 2017 Data Breach Report | [2] Anti-Phishing Working Group | [3] Identity Theft Resource Center 2016
ONE-TIME PASSCODES
Improve security but aren’t easy enough to use
Still Phishable
User Confusion
Token Necklace
SMS Reliability
THE “SHARED SECRET” (AKA “WHAT YOU KNOW”) IS BROKEN
WE NEED A NEW AUTHENTICATION MODEL: “WHAT YOU HAVE” (+ “WHAT YOU ARE”)
AGENDA: THE PROBLEM | THE SOLUTION | THE ECOSYSTEM | THE ROAD AHEAD
THE NEW MODEL
open standards for simpler, stronger authentication using public key cryptography
Fast IDentity Online
THE FACTS ON FIDO
The FIDO Alliance is an open industry association of over 250 organizations with a focused mission: AUTHENTICATION STANDARDS based on public key cryptography to solve the password problem
Today, its members provide the world’s largest ecosystem for standards-based, interoperable authentication
• 300+ FIDO Certified solutions
• 3 BILLION Available to protect user accounts worldwide
HOW OLD AUTHENTICATION WORKS
ONLINE CONNECTION: The user authenticates themselves online by presenting a human-readable “shared secret”
HOW FIDO AUTHENTICATION WORKS
LOCAL CONNECTION: The user authenticates “locally” to their device (by various means)
ONLINE CONNECTION: The device authenticates the user online using public key cryptography
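The two-step model above, as an added example (not FIDO Alliance code and not the FIDO wire protocol): the server stores only a public key and verifies a signature over a fresh challenge, using Node.js built-in crypto. The function names, the ECDSA P-256 choice and the boolean standing in for local user verification are assumptions made for illustration.

```javascript
// Added illustration: challenge-response with a device-held key pair.
// Not the FIDO protocol itself; names and the P-256 choice are assumptions.
const crypto = require('crypto');

// Registration: the device creates a key pair; the server receives ONLY the public key.
function registerDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server side: issue a fresh random challenge for each login attempt.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Device side: sign the challenge only after the user was verified locally
// (PIN, fingerprint, ...); the local check is modelled here as a boolean.
function deviceSign(device, challenge, userVerifiedLocally) {
  if (!userVerifiedLocally) throw new Error('local user verification failed');
  return crypto.sign('sha256', challenge, device.privateKey);
}

// Server side: check the signature against the stored public key and this challenge.
function serverVerify(serverRecord, challenge, signature) {
  return crypto.verify('sha256', challenge, serverRecord.publicKey, signature);
}

function demo() {
  const { device, serverRecord } = registerDevice();
  const c1 = newChallenge();
  const sig1 = deviceSign(device, c1, true);
  const ok = serverVerify(serverRecord, c1, sig1);

  // A captured response is useless later: the next login uses a new challenge.
  const c2 = newChallenge();
  const replayAccepted = serverVerify(serverRecord, c2, sig1);

  // The server record holds only the public key; a signature made with
  // any other private key is rejected.
  const otherKey = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const otherSig = crypto.sign('sha256', c2, otherKey.privateKey);
  const otherKeyAccepted = serverVerify(serverRecord, c2, otherSig);

  return { ok, replayAccepted, otherKeyAccepted };
}

console.log(demo());
```

Unlike the shared-secret model, nothing the server stores or the network carries can be presented again as a credential.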
ENHANCED AUTHENTICATION EXPERIENCES
Passwordless Experience | Second Factor Experience
Flexible authentication spanning a variety of service providers
FIDO DELIVERS ON KEY PRIORITIES
Security | Privacy | Interoperability | Usability
AGENDA: THE PROBLEM | THE SOLUTION | THE ECOSYSTEM | THE ROAD AHEAD
HOW TO BUILD AN ECOSYSTEM?
CERTIFICATIONS
MEMBERS & PARTNERS
DEPLOYMENTS
SPECIFICATIONS
250+ MEMBER ORGANIZATIONS GLOBALLY
FIDO board members include leading global brands and technology providers
+ SPONSOR MEMBERS + ASSOCIATE MEMBERS + LIAISON MEMBERS
*NEW* LIAISON PARTNER
To explore the market and technical fits between FIDO Authentication & Mobile Connect
FIDO Specifications
• FIDO 1.1 (FIDO)
• CTAP* (FIDO)
• WebAuthn* (FIDO+W3C)
• UVC* (FIDO+EMVCo)
*FIDO 2 Project: In Development
BY THE NUMBERS: CERTIFICATIONS
Apr-15: 32 | Jul-15: 62 | Sep-15: 74 | Dec-15: 108 | Mar-16: 162 | May-16: 216 | Aug-16: 253 | Dec-16: 304 | May-17: 343
254 | 89
FIDO IN THE IOS ECOSYSTEM
Supported iOS fingerprint devices
iPhone SE | iPhone & iPhone+ | iPad Pro | iPad Air, Mini
FIDO IN THE ANDROID ECOSYSTEM
S5, Mini | Alpha | Note 4,5 | Note Edge | Tab S, Tab S2 | S6, S6 Edge | S7, S7 Edge | Vernee Thor
Xperia Z5 SO-01H | Xperia Z5 Compact SO-02H | Xperia Z5 Premium SO-03H | Mate 8 | V10 | G5 | Phab2 Pro | Phab2 Plus | Z2, Z2 Pro
Xperia X Performance | Xperia XZ | Xperia X Compact SO-02J
Arrows NX | Arrows Fit | Arrows Tab | F-02H | F-04H | F-04G | F-01H
Aquos Zeta | SH-01H | SH-03G | SH-02J | MO1T | F-01J
FIDO IN THE WINDOWS + WEB ECOSYSTEMS
Windows Platforms: Yoga 910, Windows 10
Web: Microsoft Edge
SAMPLE: FIDO-ENABLED SERVICES
3 BILLION AVAILABLE TO PROTECT ACCOUNTS WORLDWIDE
AGENDA: THE PROBLEM | THE SOLUTION | THE ECOSYSTEM | THE ROAD AHEAD
WEB AUTHENTICATION SPECIFICATION BRINGS FIDO TO THE PLATFORM
• Sets model for native platforms to follow
• World Wide Web Consortium (W3C) developing a Web Authentication specification based on 3 FIDO Alliance technical specifications
• Standard web API enables web apps to move beyond passwords and offer FIDO strong authentication across all web browsers and web platforms
CLIENT-TO-AUTHENTICATOR PROTOCOL (CTAP)
• CTAP will enable browsers and operating systems to talk to external authenticators like USB keys, NFC and Bluetooth-enabled devices
• Use a wearable or mobile device, for example, to log in to a computer, tablet, IoT device, etc.
• Removes requirement to re-register on every device
EXTENSION TO WEBAUTHN: USER VERIFICATION CACHING
• Enables convenient on-device FIDO Certified authenticators, such as a fingerprint or “selfie” biometrics
• Securely verifies consumer’s presence when making an in-store or in-app mobile payment
• Provides additional risk management information in order to approve a payment within a given time period
• Reduces the number of times a consumer needs to re-authenticate themselves
FIDO IMPACT ON POLICY
FIDO specifications offer governments newer, better options for strong authentication – but governments may need to update some policies to support the ways in which FIDO is different.
1. Recognize that two-factor authentication no longer brings higher burdens or costs.
2. Recognize technology is now mature enough to enable two secure, distinct auth. factors in a single device.
3. As governments promote or require strong auth., make sure it is the “right” strong auth.
As technology evolves, policy needs to evolve with it.
Join the FIDO Ecosystem
www.fidoalliance.org
Deploy
Take Part in FIDO Events
Build FIDO Certified Solutions
Join the Alliance
ADDITIONAL RESOURCES
Membership information: https://fidoalliance.org/membership/
Liaisons: https://fidoalliance.org/participate/liaison/
FIDO Explainer Video: https://youtu.be/0tGk5-4wx-w
Blog: https://fidoalliance.org/category/blog/
Email: [email protected]
Twitter: @FIDOAlliance
Upcoming events:
• https://fidoalliance.org/upcoming-events/
THANK YOU
BRETT MCDOWELL, EXECUTIVE DIRECTOR