Here’s to FIDO Alliance: In Praise of Authentication Protocols

Apr 10, 2018 | by Salah Machani

At RSA, we take our commitment to delivering “Authentication Your Way” very seriously. After all, the more choices of authentication methods available to you, the easier it’s going to be to find exactly the right ones to meet your business needs and match your users’ preferences. That’s why we’re excited about working with the Fast Identity Online (FIDO) Alliance to develop and promote the adoption of innovative new authentication standards and capabilities.

The FIDO Alliance’s mission is, in its own words, to “change the nature of online authentication,” largely through technology that allows organizations to rely less on passwords for authentication. The alliance offers different types of user experiences to meet a variety of needs; RSA SecurID® Access supports the FIDO Second Factor Experience using FIDO Universal Second Factor (U2F) authenticators. It allows enterprises to add a strong second authentication factor to their existing password infrastructures in order to secure access to their on-premises and cloud applications.

Enabling More Choices for RSA Customers
We’re committed to offering RSA customers more ways for users to authenticate to resources, and we’re pleased that the FIDO Alliance makes it possible to expand the choices available to them. The FIDO Second Factor Experience is a particularly compelling choice for organizations with partners and independent contractors who need secure access to sensitive resources and data, because it provides the option for external users to easily source authentication tokens and self-register them for use.

Making Public Key Cryptography Practical
Technology specifications developed by the FIDO Alliance make it possible to easily incorporate strong public key cryptography in large-scale consumer applications. Not surprisingly, companies in consumer banking and payments were among the first adopters, along with insurance and healthcare organizations. 

FIDO is also compatible with existing federation and single sign-on (SSO) protocols such as SAML and OpenID Connect. Organizations that invested in federation protocols for business-to-employee (B2E) and business-to-business (B2B) scenarios can take advantage of FIDO specifications to offer stronger and easier means of authenticating users.

An Evolving Set of Authentication Solutions
In addition to the FIDO Second Factor Experience, the FIDO Alliance offers the FIDO Passwordless Experience, a biometric option based on the Universal Authentication Framework (UAF) protocol. The next evolution of the technology is the FIDO2 standard, which the alliance is developing in collaboration with the World Wide Web Consortium (W3C). At the core of this new standard are the jointly developed WebAuthn web API and FIDO's Client to Authenticator Protocol (CTAP) specification, which together provide broader browser support and even more authentication methods. As a result, many major platform and browser vendors, including Google, Microsoft and Mozilla, will soon be introducing new authentication options based on FIDO2 and W3C standards in their browsers and other core products.

As a market leader in multi-factor authentication, RSA is committed to supporting the new FIDO2 standard and providing best practices for FIDO deployment in the enterprise. As a member of the FIDO Alliance Board and chair of its Enterprise Adoption Sub-Group (EASG), I’m personally committed to these goals. I invite you to learn more about FIDO authentication in your own enterprise by viewing Integrating FIDO Authentication and Federation Protocols: Best Practices for Enterprise Deployment, a webinar I recently conducted in association with the FIDO Alliance.

 
