How FIDO2 Can Streamline Passwordless Tech, Account Recovery
Superlunar's Nick Steele on How Passkeys, Conditional UI Benefit Credential Sharing
The FIDO2 standard has driven not only the adoption of multifactor authentication but also the embrace of passkeys and conditional UI, says Superlunar's Nick Steele.
FIDO2 will help users adopt passwordless flows on their browsers and laptops while protecting websites with public key credentials in a way that wasn't possible before. Passkeys, meanwhile, make it easier to share credentials for the same website between a phone and a browser, and they lower the barrier for account recovery. Conditional UI prompts users to log in with passkeys when available, he says (see: FIDO Panel: Remember, Passwordless Is All About Usability).
"FIDO2 allows us to have unique and scoped credentials which are specific to a single website," Steele says. "If an attacker was to get ahold of that credential, it's unique to that website so they wouldn't be able to relate it to any other website and they couldn't actually do anything with it. What an attacker would get is a public key, which is kind of useless. An attacker would gain very little from having that."
In this video interview with Information Security Media Group from the FIDO Alliance's Authenticate 2022 conference, Steele also discusses:
- How FIDO2 helps drive adoption of multifactor authentication;
- The significance of passkeys and conditional UI in authentication;
- How passkeys can help organizations streamline account recovery.
Steele leads research for Superlunar, a private New York-based R&D group. A security researcher and identity expert from Brooklyn, New York, he works with the World Wide Web Consortium as a contributor and co-chair and has been working with W3C on the WebAuthn standard since 2017.