Session

Getting prepared for passwordless authentication with FIDO2

Passwords have been around since the 1950s. It is 2020 and we're still using this ancient technology to protect us from sophisticated attackers who have breached over 10 billion records in the last 15 years. FIDO Alliance, an industry standards group released FIDO2 last year and companies such as Apple, Google, Microsoft and Mozilla have started supporting FIDO2 on their browsers and/or operating systems. NIST provided guidance in SP 800-63 (Digital Identity Guidelines) that FIDO protocols deliver the highest authentication assurance, and its National Cybersecurity Center of Excellence published Practice Guidelines on how to use FIDO technology to solve single sign-on problems for the Public Safety/First Responder community, as well as how to secure e-commerce and prevent fraud. This tutorial will provide a comprehensive introduction to FIDO2 and will walk attendees through the process of how to FIDO2-enable a web-application. Technologists, project managers and executives will also learn what steps to take to evaluate FIDO2 and how to integrate FIDO2 within their infrastructure.