The global market is bursting with innovation around authentication technology – but some solutions are better equipped to meet the security and usability needs in government.
Through its policy program, the FIDO Alliance engages in meaningful discussion with policymakers around the world on how FIDO specifications offer newer, better options for strong authentication, and the updates to policy necessary to support them.
The FIDO Alliance’s key points for policymakers include:
- Two-factor authentication no longer brings higher burdens or cost. While higher burdens and cost were true of older, traditional MFA technology, FIDO specifically addresses these cost and usability issues and enables simpler, stronger authentication capabilities that governments, businesses and consumers can easily adopt at scale.
- Technology is now mature enough to enable two secure, distinct authentication factors in a single device. The evolution of mobile devices – in particular, hardware architectures that offer highly robust and isolated execution environments (such as TEE, SE and TPM) – has allowed these devices to achieve high-grade security without the need for a physically distinct token. This has already been recognized by the U.S. government and the European Banking Authority (EBA).
- As governments promote or require strong authentication, make sure it is the “right” authentication. Governments should not build rules around “old” authentication technologies that can hinder adoption by imposing significant costs and burdens on the user, nor should they build rules around authentication technologies that have security and privacy issues that put users at risk.
Policymakers working on authentication requirements can request a briefing from the FIDO Alliance by filling out the form here.
Response to the European Banking Authority (EBA) Discussion Paper on Future Draft Regulatory Technical Standards on Strong Customer Authentication and Secure Communication Under the Revised Payment Services Directive (PSD2)
In this response to the EBA, the FIDO Alliance details how FIDO-compliant implementations that follow security best practices are ideal examples of what the EBA regulations for “strong customer authentication” under PSD2 are striving to foster: simpler, stronger authentication capabilities that merchants and consumers will adopt at scale. The response also describes how the EBA’s acceptance of FIDO’s public key cryptographic architecture, especially when combined with on-device biometrics, will reduce the vulnerability surface of their payment service providers — and presumably also reduce online fraud rates as a result — and accelerate overall online payment volume through reduced friction in the user experience.
Input to the Commission on Enhancing National Cybersecurity
In this input document, the FIDO Alliance makes three recommendations to the U.S. government for addressing cyberthreats: (1) make it a national priority to replace passwords and other “shared secret” authentication approaches with more secure solutions; (2) promote the use of new authentication standards such as FIDO as a best practice for authentication; and (3) accelerate the adoption of strong authentication through actions that will help create demand for these solutions.
FIDO Privacy: FIDO Alliance White Paper
This white paper describes how privacy has been taken into account in the design of the FIDO protocols, and how they can help meet privacy requirements from certain regulatory authorities.