Introduction to FIDO
Andrew Shikiar, Executive Director & CEO, FIDO Alliance

What is the FIDO Alliance?
The FIDO Alliance is an open industry association with a focused mission: reduce the world's reliance on passwords.
Backed by global tech leaders
- Sponsor members
- Associate members
- Liaison members
- Government members

FIDO since 2013: simpler and stronger
Open standards for simpler, stronger authentication using public key cryptography: single gesture, possession-based, phishing-resistant authentication.
(Chart: security from weak to strong against usability from poor to easy.)

The FIDO Alliance works to fulfill its mission through:
- Technical Specifications: define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords.
- Industry Certification Programs: ensure interoperability, security and usability of products, services and components.
- Market Adoption Programs: promote the use of FIDO globally to drive adoption and education.
When our primary factor is passwords, the foundation of authentication is fundamentally flawed: passwords are easily phished or socially engineered, and difficult to use and maintain.
- 81% of hacking-related breaches are caused by weak or stolen passwords (Ping Identity)
- 76% gave up on a purchase because they forgot their password (FIDO Alliance)
- 43% rise in direct financial loss from successful phishing attacks from 2022 to 2023 (Proofpoint)
- 64% either use weak passwords or repeat variations of passwords (Keeper)

Layering on does not work. Our additional layers, while well-intended and necessary, are there to cover up password problems, and they are often still phishable, socially engineered, difficult to use and maintain. Headlines:
- "The art of MFA Bypass: How attackers regularly beat two-factor authentication"
- "4 Ways Hackers use Social Engineering to Bypass MFA"
- "Multifactor Authentication Bypass: Attackers Refine Tactics": during the first quarter of 2024, nearly half of all security incidents involved MFA.
- "New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts"

Generative AI adds fuel to the phishing fire
- 54% of consumers have noticed phishing messages become more sophisticated in the last 60 days (FIDO Alliance)
- 1265% rise in malicious phishing emails since Q4 2022 (SlashNext)
- 967% rise in credential phishing in particular since Q4 2022 (SlashNext)

A fundamental pivot is needed. If phishing is now the primary threat, a single phishing-resistant authenticator is more valuable (in most cases) than two factors which are both easily phished. What if we could replace the outdated legacy model of "password + something else" with a single factor that was much more secure, and easier to use?
What is a passkey?
Passkey /ˈpas kē/ noun: Passkeys are a password replacement based on FIDO protocols that provide faster, easier, more secure sign-ins to online services. A passkey may be synced across a secure cloud so that it is readily available on all of a user's devices, or it can be bound to a dedicated device such as a FIDO security key.
Passkeys are 4x simpler to use since they don't need to be remembered or typed. You just use your fingerprint, face scan, or screen lock to sign in across all your devices and platforms. (Source: Google)

A bit deeper on new(er) terminology
- A passkey is any passwordless FIDO credential.
- Raises the bar for both security and UX.
- Is most commonly synchronized across a user's devices, but doesn't have to be.
- A passkey provider might be a platform/OS vendor, or third-party software such as a password manager.
- Facilitates new device bootstrapping and simplifies account recovery.
- Security of synced passkeys is the responsibility of the passkey provider.
- Live passkey providers include Apple, Google, Dashlane, 1Password.
Passkey adoption by the numbers (since October 2022)
- 20% of the world's top 100 websites and services
- 12% of the world's top 250 websites and services
- More than 13B accounts can now leverage passkeys for sign-in
- 96%+ of active browsers
- 98%+ of mobile devices

Proven success (deployment results reported by relying parties)
- 30% opt-in in first 24 hours
- 4.7x improvement in time to complete, and improvement in success rate
- 50% reduction in abandonment rates
- Reduced account recovery calls and call center attacks
- 4x improvement in sign-in success rate (vs passwords)
- Half the sign-in time
- 400M+ accounts have used passkeys; 1B+ sign-ins with passkeys
- Within the first few months: 97% login success rate, 14% eligible user adoption rate, 2% reduction in SMS OTP login
- Sign-in success rate grew from 67.7% (SMS 2FA) to 82.5%, over a 21% improvement
- Authentication time decreased from 17s (SMS 2FA) to 4.4s, nearly 4x faster
Industry Certification Programs: ensure interoperability, security and usability of products, services and components.
FIDO Certification Programs:
- User Authentication: Functional Certification; Authenticator Level Certification
- Identity Verification: Face Verification Certification; Document Authenticity Certification
- Biometric Components: Biometric Component Certification
- Device Onboarding: FIDO Device Onboard Certification

Certification business benefits
- Standardization for industry
- Market differentiation
- Regulatory compliance
- Consumer & enterprise protection

Why adopt FIDO standards?
1. Open standards benefit from collective (security) expertise.
2. They adapt to emerging security threats.
3. Members can enhance standards to meet new use cases over time.
4. It streamlines the process of analyzing system security.
5. Maintenance is managed by open source or commercial entities, not users.
6. Proprietary systems may face support issues if experts leave.
7. FIDO certification tests ensure solutions from various vendors work together.