
Fast Identity Online (FIDO): How it can bolster your company’s security

4th November 2019

Corporations around the world and across many sectors can benefit from Fast Identity Online, or Fast ID Online (FIDO), authentication, which their employees and users can use to minimize security risks and improve the user experience. This set of security specifications was developed by the FIDO Alliance, a nonprofit organization that aims to standardize authentication at the client and protocol layers, and it provides stronger and more effective authentication.

What is Fast Identity Online (FIDO)?

FIDO leaves behind traditional authentication methods such as passwords and others, replacing them with a unifying tool. One of the main problems faced by corporations in the era of digitalization is the wide array of formats adopted by authentication services. Some authenticators are embedded into the device that the client carries, such as security components in mobile devices or TPMs in computers, while others connect to another client device via Bluetooth or NFC. In other cases, USB sticks are used for this purpose. In some cases, such as the latter, the connected authenticator is a physical device, but in most cases a wireless connection is used to reach an authenticator embedded into another device, such as the phone.

With a FIDO protocol service, all of these processes are standardized, which facilitates interoperability between different client devices and online services, operating systems, web applications and web browsers. In the last 7 years, FIDO Authentication has evolved from a concept that sparked a project into a global web standard that is compatible with major existing platforms and browsers.

To achieve stronger authentication, FIDO protocols use standard public key cryptography techniques. When registering with an online service, the client’s or user’s device generates a new key pair: a public key and a private key. The private key is stored on the device, while the public key is registered with the online service.

Authentication is performed by the client’s device, which proves that it holds the private key for the service by signing a request. The client’s private keys can only be used after the user has unlocked them locally on the device. Local unlocking is performed by means of a secure, easy-to-use action, such as swiping a finger, entering a PIN, speaking into a microphone, inserting a two-factor authentication device or pushing a button.
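The registration and authentication flow described above, modeled in Node.js as an added example (it is not FIDO Alliance code and does not use the WebAuthn/CTAP message format). The class names, origins and user name are assumptions made for illustration; the origin bound into the signed data and the single-use challenge show why a signed assertion cannot be reused on another site or replayed.

```javascript
// Added illustration: a simplified model, not the WebAuthn/CTAP wire format.
const nodeCrypto = require("node:crypto");

// Hypothetical stand-in for the user's device (security key, phone, TPM).
class Authenticator {
  constructor() { this.keys = new Map(); } // origin -> private key, kept on the device
  register(origin) {
    // A fresh key pair per service, so public keys cannot link accounts.
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: "spki", format: "pem" });
  }
  sign(origin, challenge, userUnlocked) {
    if (!userUnlocked) throw new Error("local unlock (PIN, fingerprint, button) required");
    const key = this.keys.get(origin);
    if (!key) throw new Error("no credential registered for " + origin);
    // The origin the client is really talking to is signed with the challenge.
    const clientData = Buffer.from(
      JSON.stringify({ origin, challenge: challenge.toString("base64") }));
    return { clientData, signature: nodeCrypto.sign("sha256", clientData, key) };
  }
}

// Hypothetical online service: stores public keys only, never a shared secret.
class Service {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> public key (PEM)
    this.pending = new Map();    // user -> outstanding challenge
  }
  enroll(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge.toString("base64"));
    return challenge;
  }
  verify(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // single use: a replayed assertion fails
    const pem = this.publicKeys.get(user);
    if (!expected || !pem) return false;
    let data;
    try { data = JSON.parse(clientData.toString()); } catch { return false; }
    if (data.origin !== this.origin || data.challenge !== expected) return false;
    return nodeCrypto.verify("sha256", clientData, pem, signature);
  }
}
```

A database leak at the service exposes only public keys, which cannot be used to sign in anywhere.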


How Fast Identity Online (FIDO) can bolster security in your company

Most technologies in use today rely on user identification passwords based on different LDAPs. But all of them have a fundamental weakness: the service or website that performs the authentication stores the confidential information that it is given. The fact that different remote points hold this information is a great incentive for malicious agents who are interested in obtaining it. FIDO is already one of the pillars of web security at many international companies, and one of the reasons for this is that its registration and account retrieval processes, which are very agile, are preventing these agents from taking control of accounts and accessing the organizations’ communication networks.

For accounts protected against phishing and similar threats by FIDO authentication credentials, the account recovery process when a FIDO device is lost or stolen is fundamental to maintaining the integrity of the user’s account.

FIDO protocols offer simpler authentication, with a fast and comfortable sign-in, and minimize the constant need to remember and type passwords. They also work with the same devices that are commonly used in everyday life, and with all services. Fast Identity Online allows for strong authentication that is phishing-proof and can withstand other common attacks. All of this is based on public key cryptography and requires no need to let go of the device that is being used at a given time. Another of its advantages is that it creates no links between the different services or accounts that the user may have.

The FIDO tool, designed from the get-go to protect the user’s privacy, does not provide information that different online services could use to jointly track a user across services. Biometric information, if used, never leaves the user’s device either.

On the other hand, integrating the services of the FIDO Alliance as a company brings major benefits, whether as a provider that offers FIDO-based solutions on the market, or as an organization that aims to benefit from its advantages and implement FIDO authentication among clients and/or employees.