security

How FIDO2 Can Streamline Passwordless Tech, Account Recovery – GovInfoSecurity.com


Multi-factor & Risk-based Authentication
,
Security Operations
,
Video

Superlunar’s Nick Steele on How Passkeys, Conditional UI Benefit Credential Sharing



Nick Steele, head of research, Superlunar

The FIDO2 standard has driven not only the adoption of multifactor authentication but also the embrace of passkeys and conditional UI, says Superlunar’s Nick Steele.

See Also: Live Webinar | Navigating the Difficulties of Patching OT

FIDO2 will help users adopt passwordless flows on their browsers and laptops while protecting websites with public key credentials in a way that wasn’t possible before. Passkeys, meanwhile, make it easier to share credentials for the same website between a phone and a browser, and they lower the barrier for account recovery, and conditional UI prompts users to log in with passkeys when available, he says (see: FIDO Panel: Remember, Passwordless Is All About Usability).

“FIDO2 allows us to have unique and scoped credentials which are specific to a single website,” Steele says. “If an attacker was to get ahold of that credential, it’s unique to that website so they wouldn’t be able to relate it to any other website and they couldn’t actually do anything with it. What an attacker would get is a public key, which is kind of useless. An attacker would gain very little from having that.”

In this video interview with Information Security Media Group from FIDO Alliance’s Authenticate 2022 conference, Steele also discusses:

  • How FIDO2 helps drive adoption of multifactor authentication;
  • The significance of passkeys and conditional UI in authentication;
  • How passkeys can help organizations streamline account recovery.
Readers Also Like:  Neustar Security Services Introduces UltraPlatform to Safeguard ... - MarTech Series

Steele leads research for Superlunar, a private New York-based R&D group. A security researcher and identity expert from Brooklyn, New York, he works with the World Wide Web Consortium as a contributor and co-chair and has been working with W3C on the WebAuthn standard since 2017.





READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.