As technology evolves, policy needs to evolve with it.
The global market is bursting with innovation around authentication technology – but some solutions are better equipped to meet the security and usability needs in government.
Through its working groups and member public policy leads, the FIDO Alliance engages in meaningful discussion with policymakers around the world on how FIDO specifications offer newer, better options for strong authentication, and recommends associated policy updates.
FIDO Alliance’s key points for policymakers include:
- Two-factor authentication no longer brings higher burdens or cost. While this statement was true of older traditional MFA technology, FIDO specifically addresses these cost and usability issues and enables simpler, stronger authentication capabilities that governments, businesses and consumers can easily adopt at scale
- Technology is now mature enough to enable two secure, distinct authentication factors in a single device. The evolution of mobile devices – in particular, hardware architectures that offer highly robust and isolated execution environments (such as TEE, SE and TPM) – has allowed these devices to achieve high-grade security without the need for a physically distinct token. This has already been recognized by the U.S. government and the European Banking Authority (EBA)
- As governments promote or require strong authentication, make sure it is the “right” authentication. Governments should not build rules around “old” authentication technologies that can hinder adoption by imposing significant costs and burdens on the user, nor should they build rules around authentication technologies that have security and privacy issues that put users at risk
Policymakers working on authentication requirements can request a briefing from the FIDO Alliance by filling out the form here.
To view FIDO Alliance policy documents, visit FIDO Alliance Policy Documents.
Governments all around the world are deploying FIDO. Learn about them on the FIDO Government Deployments page.