Arshad Noor has been the CTO of StrongKey since 2001. With 33+ years of experience in the Information Technology sector, he has spent the last 20 years of his career focused on solving data-protection problems using applied cryptography. He has designed and constructed Public Key Infrastructures (PKI) for companies in the banking, defense, telecommunication, pharmaceutical, biotechnology and e-commerce sectors. He wrote the first open-source symmetric key-management system in 2006 and has adapted it to build an appliance that solves cryptographic key-management problems for companies complying with PCI-DSS, GDPR and the upcoming CCPA regulations; the appliance is in use at customer sites on 6 continents. He has written articles and spoken at dozens of conferences around the world on data protection. Having authored protocols at OASIS in the past, he currently collaborates with the NIST National Cybersecurity Center of Excellence (NCCoE), and is an active contributor to the FIDO Alliance to eliminate passwords from the internet. When not advocating for application-level security and strong authentication, he encourages everyone to live the "Blue Zones" life. You can also find him at https://www.linkedin.com/in/arshadnoor/, and he blogs at https://alesa.website/.
Passwords have been around since the 1950s. It is 2020 and we're still using this ancient technology to protect us from sophisticated attackers who have breached over 10 billion records in the last 15 years. The FIDO Alliance, an industry standards group, released FIDO2 last year, and companies such as Apple, Google, Microsoft and Mozilla have started supporting FIDO2 in their browsers and/or operating systems. NIST provided guidance in SP 800-63 (Digital Identity Guidelines) that FIDO protocols deliver the highest authentication assurance, and its National Cybersecurity Center of Excellence published Practice Guidelines on how to use FIDO technology to solve single sign-on problems for the Public Safety/First Responder community, as well as how to secure e-commerce and prevent fraud. This tutorial will provide a comprehensive introduction to FIDO2 and will walk attendees through the process of FIDO2-enabling a web application. Technologists, project managers and executives will also learn what steps to take to evaluate FIDO2 and how to integrate FIDO2 within their infrastructure.