Introduces FIDO Authentication: the problem, the solution, the Alliance and the market. Presented by Brett McDowell, Executive Director of the FIDO Alliance.
3. Data Breaches…
781 data breaches in 2015
170 million records in 2015 (up 50%)
$3.8 million cost/breach (up 23% from 2013)
All Rights Reserved | FIDO Alliance | Copyright 2016 3
4. “95% of these incidents involve harvesting credentials stolen from customer devices, then logging into web applications with them.”
2015 Data Breach Investigations Report
5. “A look through the details of these incidents shows a common sequence of phish customer ≥ get credentials ≥ abuse web application ≥ empty bank/bitcoin account.”
2015 Data Breach Investigations Report
6. The world has a PASSWORD PROBLEM
7. IDM has a “Shared Secrets” PROBLEM
8. ONE-TIME PASSCODES
Improve security but aren’t easy enough to use
Still Phishable
User Confusion
Token Necklace
SMS Reliability
9. WE NEED A NEW MODEL
14. HOW “Shared Secrets” WORK
ONLINE: The user authenticates themselves online by presenting a human-readable “shared secret”
15. HOW FIDO AUTHN WORKS
AUTHENTICATOR
LOCAL: The user authenticates “locally” to their device (by various means)
ONLINE: The device authenticates the user online using public key cryptography
16. OPEN STANDARDS R.O.I.
FIDO-ENABLE ONCE
GAIN EVERY DEVICE YOU TRUST
NO MORE ONE-OFF INTEGRATIONS
18. No 3rd Party in the Protocol
No Secrets on the Server Side
Biometric Data (if used) Never Leaves Device
No Link-ability Between Services
No Link-ability Between Accounts
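Added example (not part of the original slides and not FIDO Alliance code): a simplified Node.js model of slides 15 and 18, showing a server that stores only public keys, a signature bound to the origin and a single-use challenge, and a separate key pair per service. The class names, origins and user name are hypothetical, and the message layout is an assumption, not the UAF/U2F wire format.

```javascript
// Added illustration: a simplified model of the flow, not the FIDO UAF/U2F message format.
const nodeCrypto = require('crypto');
// Hypothetical authenticator: one key pair per origin; private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  // Signs only after the local user check (PIN, fingerprint, ...) has passed.
  sign(origin, challenge, userVerified) {
    if (!userVerified) throw new Error('local user verification failed');
    const data = Buffer.concat([Buffer.from(origin), challenge]);
    return nodeCrypto.sign('sha256', data, this.keys.get(origin));
  }
}

// Hypothetical relying party: its database holds public keys only.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.db = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.db.set(user, publicKeyPem); }
  newChallenge(user) {
    const c = nodeCrypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const c = this.pending.get(user);
    this.pending.delete(user); // each challenge is single use
    if (!c || !this.db.has(user)) return false;
    const data = Buffer.concat([Buffer.from(this.origin), c]);
    return nodeCrypto.verify('sha256', data, this.db.get(user), signature);
  }
}

function demo() { // constructed origins and user name
  const device = new Authenticator();
  const bank = new RelyingParty('https://bank.example');
  const bankKey = device.register(bank.origin);
  const shopKey = device.register('https://shop.example');
  bank.enroll('alice', bankKey);
  const sig = device.sign(bank.origin, bank.newChallenge('alice'), true);
  const good = bank.verify('alice', sig);
  const replayed = bank.verify('alice', sig); // no pending challenge any more
  const fake = 'https://bank.example.phish.test'; // look-alike origin relaying a challenge
  device.register(fake);
  const relayed = bank.verify('alice', device.sign(fake, bank.newChallenge('alice'), true));
  return { good, replayed, relayed, linkable: bankKey === shopKey };
}
```

Calling `demo()` returns `good: true` with `replayed`, `relayed` and `linkable` all `false`: a captured signature cannot be reused, a signature made for a look-alike origin does not verify at the real service, and the two services receive unrelated public keys.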
19. Better security for online services
Reduced cost for the enterprise
Simpler and safer for consumers
21. The FIDO Alliance is an open industry association with a focused mission: authentication standards
25. Government & Research
“The fact that FIDO has now welcomed government participation is a logical and exciting step toward further advancement of the Identity Ecosystem; we look forward to continued progress.”
-- Mike Garcia, NSTIC NPO
26. Liaison Program
Our mission is highly complementary to many other associations around the world. We welcome the opportunity to collaborate with this growing list of industry partner organizations.
29. RECENT FIDO ADOPTION
Q1 2016
“NTT DOCOMO is now offering FIDO-enabled biometric authentication for customers using Apple iOS devices” Mar 7, 2016
“FIDO Universal 2nd Factor (U2F) authentication is now being used to allow all UK citizens to easily and securely access GOV.UK Verify digital public services.” Mar 23, 2016
“BC Card provides Token and FIDO services to strengthen security and safety of Samsung Pay” March 1, 2016
“KEB Hana’s new solution is notably FIDO Certified.” February 3, 2016
Q2 2016
“Baidu Wallet is now offering FIDO-enabled biometric authentication for customers using Android devices” April, 2016
30. Deployments are enabled by over 150 FIDO® Certified products
www.fidoalliance.org/certification/fido-certified/
31. Available to anyone
Ensures interoperability
Promotes the FIDO ecosystem
Steps to certification:
1. Conformance Self-Validation
2. Interoperability Testing
3. Certification Request
4. Trademark License (optional)
fidoalliance.org/certification
33. Leading OEMs Shipping FIDO Certified Devices
Samsung: Tab S, Tab S2; S5, Mini; Note 4, 5; Alpha; Note Edge; S6/S7, S6/S7 Edge
Sharp: Aquos Zeta
Sony: Xperia Z5
Fujitsu: Arrows (Iris Biometrics)
LG: V10 & G5
Huawei: Mate 8
Lenovo: P1
Lenovo: K52
34. FIDO Applications Now Run on iOS 9
Supported iOS Fingerprint Devices:
iPhone 5s
iPhone 6, 6+
iPad Air 2, Mini 3
iPhone 6s, 6s+
iPad Mini 4
iPad Pro