2020-022-Andrew Shikiar, FIDO Alliance, removing password from IoT, and discussing FIDO implementation
Published June 10, 2020
|
43 min
    Download
    Add to queue
    Copy URL
    Show notes

    Andrew Shikiar, executive director and CMO of the (Fast IDentity Online) FIDO Alliance.

     

    What is FIDO?

    open industry association launched in February 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. FIDO addresses the lack of interoperability among strong authentication devices and reduces the problems users face creating and remembering multiple usernames and passwords.”

    FIDO workflow

    Did any one event precipitate creation of the FIDO alliance?



    UAF= https://fidoalliance.org/specs/fido-uaf-v1.2-rd-20171128/fido-uaf-protocol-v1.2-rd-20171128.html

     

    U2F = https://en.wikipedia.org/wiki/Universal_2nd_Factor (yubikeys, tokens)

     

    https://landing.google.com/advancedprotection/

     

    FIDO supports biometrics - https://www.biometricupdate.com/202002/how-fido-based-biometric-technology-clears-up-the-iot-authentication-mess

     

    FIDO certified software and companies: https://fidoalliance.org/fido-certified-showcase/

     

    IBM: https://www.ibm.com/blogs/sweeden/fido2-conformance-why-its-a-big-deal/  -- 

     

    Digital Identity Guidelines: Authentication and Lifecycle Management - digital ID framework

     

    NIST guidelines that FIDO meets: https://pages.nist.gov/800-63-3/sp800-63b.html#sec5

     

    https://fidoalliance.org/certification/authenticator-certification-levels/

     

    https://github.com/herrjemand/awesome-webauthn

     

    https://fidoalliance.org/content/case-study/

     

    https://loginwithfido.com/provider/

     

    From a threat modeling perspective, how does ‘2fa’ occur when the authenticating method and the browser are on the same device?

    Consumer education initiative https://loginwithfido.com/

     

    IoT Devices- https://fidoalliance.org/internet-of-things/

    https://blog.techdesign.com/fido-authentication-to-secure-iot-devices/

     

    For Developers: https://fidoalliance.org/developers/   or https://webauthn.io/ - dev information about WebAuthN

    https://github.com/herrjemand/awesome-webauthn



    https://fidoalliance.org/events/ - upcoming webinars for FIDO related topics

     

    NTT DOCOMO introduces passwordless authentication for d ACCOUNT

     

    https://groups.google.com/a/fidoalliance.org/forum/#!forum/fido-dev

      15
      15
        0:00:00 / 0:00:00