SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez nos Conditions d’utilisation et notre Politique de confidentialité.
SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez notre Politique de confidentialité et nos Conditions d’utilisation pour en savoir plus.
eIDAS stands for “electronic identification, authentication and trust services.” It builds the legal basis for cross-border interoperability of electronic identification, authentication, and electronic signatures amongst EU Member States.
This webinar slide deck explores the relationship between FIDO2 standards and eIDAS compliant schemes that can accommodate modern authentication protocols. The webinar will include:
An introduction to eIDAS
An overview on how to use FIDO as part of an eID scheme
An overview on using FIDO2 for authentication to Qualified Trust Service Providers (QTSPs)
This webinar is ideal for governmental agencies that are interested in using FIDO2 as part of an eIDAS notified eID scheme, and QTSPs who are interested in deploying eIDAS remote signing services that leverage the FIDO2 standard.
So let’s talk about credential theft.. It all starts with the fact that authentication has historically depended on centrally-stored, server side credentials. The problem with this is that the credentials are at risk of being stolen through a variety of mechanisms, which we’ll explore today.
This is part of the landscape that FIDO was founded to address.
We know that passwords have very weak security and poor usability – but the thing that doesn’t (or didn’t“) get enough attention was the risk associated with OTPs. Not only do OTPs present major usability challenges (what’s worse than one password? Two passwords) but OTPs are also centrally stored secrets, just for a shorter timeframe. As such, they are succeceptible to large-scale attacks and/or spear-phishing – as we’ve seen in some very well-documented breaches.
This really is the crux of what FIDO is trying to do – it’s eliminating use of all shared secrets, not just passwords.
FIDO’s goal from day one was to transform the market away from dependence on centrally stored shared secrets to a model that uses public key cryptography and allows consumers to authenticate through devices that they literally have in their fingertips every day. It’s simpler and stronger authentication.
FIDO rapidly realized this goal with the initial release of FIDO’s UAF and U2F specifications in 2015.
History of the Alliance: Organization was organized in 2012, open to any organization to join in 2013 with the mission to solve the world’s password problem FIDO was launched with just 6 member companies. Today we have more than 250 members from around the world – including the Board of Directors that you see represented here My favorite way of looking at this list of logos is consider closing your eyes and asking yourself “what companies do we need have sitting around a board table to help solve the password problem?” – and I suspect it would look a lot like this We have major platform providers and manufacturers creating devices that we all use every day We have leaders in security, biometrics and identity – both established companies and innovative start-ups Last but not least, we have companies whose very businesses depend on their ability to deliver high-assurance services to billions of users around the world
-2019 was Significant year in terms of fido2 adoption -Platform authenticators are certified -Brings reach of fido2 to billions of users using these platforms -Browser support grown in breadth and depth -Ex: Stronger initial and growing support in safari for fido2 -Safari13 supports security keys on macOS, iOS and iPadOS
-Significant year in terms of fido2 adoption -Platform authenticators are certified -Brings reach of fido2 to billions of users using these platforms -Browser support grown in breadth and depth -Ex: Stronger initial and growing support in safari for fido2 -Safari13 will support security keys on macoS - You can deploy across any mainstream OS today