Identity at the Center Identity at the Center #56 - What is FIDO with Andrew Shikiar
Aug 10, 2020
Andrew Shikiar, Executive Director of the FIDO Alliance, dives into the mission to eliminate password-related breaches through innovative authentication. He discusses how FIDO uses public-key cryptography to enhance security and the challenges posed by sophisticated phishing attacks. Shikiar emphasizes the usability of FIDO solutions, such as biometrics and single-gesture authentication, and outlines major tech giants supporting its adoption. He also explores enterprise use cases and the benefits of cost savings from enhanced security measures.
AI Snips
Chapters
Transcript
Episode notes
Passwords Drive Data Breaches
- Passwords cause the vast majority of data breaches and are the primary attack vector to fix.
- FIDO shifts authentication away from server-side shared secrets to device-held public-key cryptography.
Make Strong Auth Easy
- Use FIDO to provide simpler, stronger authentication via a single user gesture like fingerprint or security key touch.
- Reduce friction to increase adoption since users avoid security that is too hard.
OTP And Server Secrets Still Risky
- Server-side second factors like OTPs are still shared secrets and vulnerable to theft or man-in-the-middle attacks.
- Attackers exploit these to bypass so-called MFA protections, making them insufficient alone.