Michael Barrett, FIDO Alliance
A report on the headway the FIDO Alliance is making in establishing standards that enable easily interoperable authentication, covering the high-level technical architecture of these new authentication protocols and giving an update on progress.
CIS14: Filling the “authentication goes here” Hole in Identity
1. Michael Barrett, president of the FIDO Alliance
Cloud Identity Summit, July 2014
www.fidoalliance.org
Copyright 2014, The FIDO Alliance. All Rights Reserved
3. Rampant online attacks
• Major hacks have been targeted at password databases within Online Gaming, Financial Services and Social Media organizations
• Password re-use is a significant problem: technical analysis of data breaches has shown that 76% of passwords are used across multiple sites.
4. Opportunity for Better Authentication is Upon Us
For Users: Painful to Use
• 25 accounts
• 8 logins / day
• 6.5 passwords
For Organizations: Difficult to Secure
• $5.5M / data breach
• $15M / password reset
• $60+ / token
For the Ecosystem: Impossible to Scale
• Fragmented
• Inflexible
• Slow to adopt
8. FIDO - Unique Approach
Any Device. Any Application. Any Authenticator.
Standardized Protocols
• Local authentication unlocks app-specific key
• Key used to authenticate to server
9. Improved security
Unique cryptographic secret created per user account + device + site
• Protection against brute force attacks
• Segmentation of risk
• Protection against unintentional disclosure
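The two slides above describe a flow rather than a wire format: a local check unlocks a key pair that exists only for one account at one site on one device, and the server verifies a signature instead of comparing a shared secret. The following Go program is an added example written for this page; it is not code from the deck or from the FIDO Alliance specifications. The type and function names, the PIN stand-in (`LocalVerify`), the layout of the signed message and the `bank.example` / `bank-example.evil` origins are all assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// signedData is the message the authenticator signs (an illustrative layout, not
// the FIDO wire format): the origin it believes it is talking to, then the server's
// challenge. A look-alike site relaying a genuine challenge cannot get a signature
// the real server accepts, because the real server hashes in its own origin.
func signedData(site string, challenge []byte) []byte {
	sum := sha256.Sum256(append(append([]byte(site), 0), challenge...))
	return sum[:]
}

// Authenticator models the device. Private keys are created here and never leave.
type Authenticator struct {
	keys     map[string]ed25519.PrivateKey // one key pair per site+account
	unlocked bool                          // outcome of local user verification
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]ed25519.PrivateKey{}}
}
func (a *Authenticator) LocalVerify(ok bool) { a.unlocked = ok } // stand-in for a PIN/fingerprint match

// Register mints a fresh key pair for this account at this site and hands back
// only the public half; another site or account gets an unrelated pair.
func (a *Authenticator) Register(site, account string) (ed25519.PublicKey, error) {
	if !a.unlocked {
		return nil, errors.New("local user verification required")
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[site+"\x00"+account] = priv
	return pub, nil
}

// Authenticate signs for the origin the client is actually talking to; with no
// key registered for that origin (e.g. a phishing domain) it refuses outright.
func (a *Authenticator) Authenticate(site, account string, challenge []byte) ([]byte, error) {
	if !a.unlocked {
		return nil, errors.New("local user verification required")
	}
	priv, ok := a.keys[site+"\x00"+account]
	if !ok {
		return nil, errors.New("no credential registered for this site")
	}
	return ed25519.Sign(priv, signedData(site, challenge)), nil
}

// Server is the relying party: public keys and single-use challenges only, so a
// stolen credential table yields nothing to brute-force or replay.
type Server struct {
	Site    string
	creds   map[string]ed25519.PublicKey
	pending map[string][]byte
}

func NewServer(site string) *Server {
	return &Server{Site: site, creds: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
}
func (s *Server) Register(account string, pub ed25519.PublicKey) { s.creds[account] = pub }

func (s *Server) Challenge(account string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[account] = c
	return c, nil
}

// Verify consumes the pending challenge and checks the signature over the
// server's own origin, never over whatever origin the client might claim.
func (s *Server) Verify(account string, sig []byte) error {
	pub, chal := s.creds[account], s.pending[account]
	if pub == nil || chal == nil {
		return errors.New("unknown account or no outstanding challenge (replay?)")
	}
	delete(s.pending, account)
	if !ed25519.Verify(pub, signedData(s.Site, chal), sig) {
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	auth, bank := NewAuthenticator(), NewServer("https://bank.example")
	auth.LocalVerify(true) // assume the PIN check passed
	pub, _ := auth.Register(bank.Site, "alice")
	bank.Register("alice", pub)
	chal, _ := bank.Challenge("alice")
	sig, _ := auth.Authenticate(bank.Site, "alice", chal)
	_, phish := auth.Authenticate("https://bank-example.evil", "alice", chal)
	fmt.Println("login:", bank.Verify("alice", sig), "| replay:", bank.Verify("alice", sig), "| phishing origin:", phish)
}
```

Running it shows the three properties from the slides in order: the legitimate login verifies, the replayed signature fails because the challenge was consumed, and the look-alike origin gets no signature at all because no key is scoped to it. Registering the same account at a second server yields an unrelated public key, which is the "segmentation of risk" point: a breach at one site leaks nothing usable at another.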
14. Complementary
• FIDO
– Insulates authentication server from specific authenticators
– Focused solely on primary authentication
– Does not support attribute sharing
– Can communicate details of authentication from device to server
• Federation
– Insulates application from specific identity providers
– Does not address primary authentication
– Does enable secondary authentication & attribute sharing
– Can communicate details of authentication from IdP to SP
15. [Chart: Assurance (Low to High) against Frequency of login (Low to High); plotted: status quo]
16. [Chart: Assurance against Frequency of login; plotted: status quo, federation (the "SSO slide"), and the "No more 'Password123'" bump]
17. [Chart: Assurance against Frequency of login; plotted: status quo, federation, and the FIDO continuum]
18. FIDO implications
• FIDO supports a range of assurance, determined by the specifics of the local authentication
• Recall: "Unique cryptographic secret created per user account + device + site"
• Implication is multiple registrations & authentications, which may be sub-optimal from the user's PoV
19. [Chart: Assurance against Frequency of login; plotted: status quo, federation, FIDO, and FIDO + federation]
20. CALL TO ACTION
• AUTHENTICATION IS A FUNDAMENTAL PROBLEM AND IT IS AN INDUSTRY PROBLEM
• NO ONE COMPANY CAN FIX THIS PROBLEM
• JOIN FIDO ALLIANCE – HELP FIX
• OPPORTUNITY TO CREATE NEW SERVICES, NEW MARKETS, NEW INNOVATIONS, NEW BUSINESSES AND NEW REVENUE MODELS
• TAKE THE LEADERSHIP, INCLUDE FIDO SUPPORT AT THE SOURCE ON YOUR DEVICES
• FIDO READY COMMERCIAL PRODUCTS ARE AVAILABLE IN THE MARKET
• MAKE THE CONNECTED WORLD SECURE, PRIVATE, FRAUD FREE, EASY TO USE AND STAY CONNECTED