Page 27 - GS221201
Cover Story
Beyond passwords

The FIDO (Fast IDentity Online) Alliance is focused on reducing reliance on passwords, providing a superior customer authentication experience and driving greater online service consumption, revenue and profit. Since its inception a decade ago, FIDO has driven global adoption of its technology standard and open, scalable, interoperable framework. Its diverse global ecosystem promotes heightened security, privacy and simplified user interfaces for authenticating users of online services, stated Andrew Shikiar, executive director at FIDO.

At Authenticate 2022, an annual conference held in October 2022 in Seattle, Shikiar summarized FIDO's journey: First, we built technology, using case driven specifications and technical outputs that are submitted to formal standardization process by formal standards bodies. Second, we built a thriving B2B ecosystem of FIDO products and vendors, which certifies products that conform to FIDO specifications and interoperability requirements. And last but not least, we focused on facilitating adoption, which is more and more a focus for FIDO.

Reflecting on FIDO's achievements in 2022, which included launching Passkey, a multichannel authentication solution, a FIDO professional credentialing program and formalized design system to help FIDO members accelerate deployments, Shikiar said, "I think we have an opportunity with authentication to be a bridge of the digital divide and not another wedge. That's something we should all think about as we move forward these couple of days."

Beyond legacy MFA

Roger Grimes, data-driven defense evangelist at KnowBe4 Inc., discussed the need to continuously evolve and update security strategies at Authenticate 2022, in a talk on how to make your MFA solution more resilient. During the presentation, Grimes shared ways to make hackable MFA solutions more robust and harder to crack, while explaining why FIDO2 is one of the most secure MFA solutions in the market.

"The biggest reason we're all going from passwords to MFA is to stop password theft," Grimes said, advising the audience to avoid using MFA solutions that are as easy to steal as passwords. Even the most secure MFA solutions can be hacked in a handful of ways, he added, even those that vendors claim are not hackable. You don't even have to be anybody or know anything to commit this type of fraud, he said, because MFA hacking is built into malware or phishing kits.

Hackers use bot attacks, account recovery scams, network session hijacking and other methods to access user accounts, Grimes stated, adding he first covered network session hijacking in 1989 for Info World Magazine. "The victim receives a phishing email pretending to be from a trusted brand to trick them into using their password or MFA," he said, noting any user who hovered over that link would see an entirely different URL.

Web 3.0

Also at Authenticate 2022, Robert MacDonald, vice president, product marketing at 1Kosmos, spoke about how Web 3.0 will reshape authentication. He explored how perceptions about financial services and digital assets may change in a decentralized world. Pointing out that Web 3.0 has established identity standards, such as Decentralized Identifiers and Verifiable Credentials, MacDonald proposed individuals could access multiple credentials in a digital wallet to authenticate with desired entities.

"These technologies deliver an immutable, secure and flexible ledger to support identity protection," MacDonald said. "With an identity stored in a digital wallet rather than on a central server or other authority, it's possible to lock down data while preventing the traceability of sensitive data."

The Web 3.0 framework would simplify identity management, MacDonald suggested, and also give users greater control over their identity and how they choose to authenticate with various service providers such as DeFi services, traditional financial institutions and employers. Users could also leverage Web 3.0's blockchain infrastructure to control their identity data, he added, by storing their identities in digital wallets instead of a central server or authority.

MacDonald further noted that a decentralized identity and Web3.0 environment would facilitate private identity management blockchains that support advanced authentication, including biometrics; identity proofing used for credential verification; MFA without clumsy one-time codes and overall frictionless customer experience that distributed ledgers and blockchain deliver.

Passwordless journey

Dhaval Shah, CEO at Rainbow Secure, noted that managed service providers have made security more accessible and affordable for businesses, including small and midsize enterprises. However, he said he'd like to see providers tailor service offerings for clients even more.

Rainbow Secure's password and passwordless solutions help clients step up security at their own pace, Shah stated, adding that the company's password solution, for example, enables users to customize password characters, numbers and backgrounds, using color and font styles that are not visible beyond their log-in screens. "We all need to meet customers where they are, and that includes wherever they happen to be in their security product roadmaps and passwordless journeys," Shah said.

Dale S. Laszig, senior staff writer at The Green Sheet and managing director at DSL Direct LLC, is a payments industry journalist and content strategist. Connect via email dale@dsldirectllc.com, LinkedIn www.linkedin.com/in/dalelaszig/ and Twitter @DSLdirect.