Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication”
At a time when the number of compromised credentials has reached billions, the prospect of someday not having to rely on usernames and passwords for access is certainly appealing. That day appears to be closer than ever now. Microsoft announced last month that the next major update of its Windows operating system will enable passwordless sign-in. Earlier in the year, the World Wide Web Consortium (W3C) ratified the WebAuthn API, which enables website logins without passwords, as an official standard. And Google certified Android devices for password-free logins. Those are just a few examples of the buzz around passwordless authentication lately – and they all have one thing in common: the FIDO Alliance, an open industry association that’s on a self-described mission to deliver “simpler, stronger authentication,” in the form of authentication standards that will help reduce reliance on passwords.
More and more, I’m seeing organizations that welcome the idea of a passwordless future based on FIDO standards, but aren’t entirely sure what steps to take next. And while organizations may be eager to move past legacy identity solutions, careful planning and preparation is key for successful implementation. As CTOs, CISOs, CSOs and security professionals start to reimagine their identity and access management postures, a mindful, deliberate approach to FIDO authentication is the best course of action.
First Things First: Why FIDO, and Why Now?
The CISO of a global entertainment business recently told me about what ..