November 16, 2022
FIDO2 + biometrics – a logical approach to secure unified authentication for hybrid working
By Maria Pihlström
By Maria Pihlström
Imagine never having to create, remember or type a password again. Ever.
While it sounds like an idealist’s prediction for the future, this can be a reality now, and can change the way we work.
The workplace is powered by technology with PCs, smartphones, dongles, cloud applications and more sitting at the heart of today’s working world. While these applications are essential to productivity, securing the office’s digital and physical spaces against growing threats while accommodating ‘work from anywhere’ (WFA) practices as well as hybrid working models are becoming complex balancing acts. Flexibility is good, but digital estates need to be protected for the benefit of companies and employees.
Change is needed, but the solution needs to be seamless, user friendly, secure and flexible enough to support WFA.
Passwordless is logical
Although PINs and passwords are easy to implement, they can be hacked through data breaches, spyware, algorithms, or even social engineering techniques like shoulder surfing. As the number of connected systems in our lives grows, it is becoming almost impossible to create, remember and manage a growing list of passwords and PINs.
Let’s unpack that a little. 60% of consumers feel that they have too many passwords to remember. Some have in excess of 85 for all their professional and personal accounts, and maintaining these in line with differing complexity requirements is an uncomfortable prospect for many. Consequently, many simply re-use the same password or inject minor variations – a sin 41% are apparently guilty of. And even those that use browsers or password managers are creating potential security risks.
Security should not be a burden for employees, nor should it present additional worries for employers. The world is therefore moving to passwordless authentication to control access to PCs, laptops on the move, meeting room set ups, and devices and services in common areas like printers. Workers need one way to access all of this.
What is FIDO2?
The FIDO Alliance developed the FIDO Authentication standards based on public key cryptography. The standards enable authentication that is more secure, simpler for consumers to use, and easier for service providers to deploy and manage when compared to passwords and SMS one-time passwords (OTPs). FIDO Authentication enables password-only logins to be replaced with secure and fast login experiences across websites and apps.
FIDO2 builds on the FIDO U2F and expands the authentication options to now offer passwordless, two-factor and multi-factor authentication, while retaining the strong security offered by public key cryptography.
This enables a shift from legacy, knowledge-based credentials which rely on server storage, OTPs and passwords, to more modern, possession-based credentials that enable on-device authentication which never touches the server, step-up authentication using biometrics and credentials that work across multiple devices.
This brings a range of clear benefits:
Step up…the biometric x-factor
All FIDO2 authentication is a huge step forward when compared to PINs and passwords. The introduction of biometrics – for example, fingerprint recognition of a USB token or Windows Hello on a laptop – delivers added value as it simplifies the user experience and enables multi-factor authentication by combining the hardware authenticator that you ‘have’ and the biometric that you ‘are’. All with PIN as a fall back.
What’s more, the presence of the fingerprint module in the hardware token prevents any misuse by an unauthorized user if the token is lost or stolen. Importantly, no biometric information is stored in a database and the information stored on the token as a template in binary code. Storing a mathematical representation rather than an image makes hacking considerably more challenging.
Biometrics therefore unlocks swift and secure access control, complementing the convenience of a digitalized workplace and handy authentication token. What’s more, it is firmly established, supported by robust standards such as FIDO2 and Windows Hello. Fueling the continued rise of biometrics is R&D, which has matured the technology over the years into a secure, stable and robust solution used in many different devices.
One token to rule them all
Hybrid working requires smarter approaches to security, access control and authentication to protect companies, their data and employees. Wherever people choose to work. FIDO2 tokens and authentication can enable this and, importantly, this is not ‘coming soon’. Devices are already here, they are certified and in use. Here’s one example from Fetian.
The benefits for users are clear – greater security without impacting convenience. Adopting businesses can better protect their critical infrastructure and data, while enabling new ways of working. And device makers can innovate and build additional revenues through more secure devices and services that foster confidence.
This is a turning point enabling users to adopt multifactor authentication that can be used across multiple devices and services seamlessly. And biometrics is a key pillar in enabling this.
Learn more about protecting smart workplaces, wherever people choose to log on: https://www.fingerprints.com/solutions/access/smart-workplace/.