8月 30, 2021

Amazon is Giving Free FIDO Security Keys to AWS Customers to Encourage Better Account Security

By Andrew Shikiar, Executive Director & CMO, FIDO Alliance

Leaders from Amazon, Apple, Google, Microsoft and IBM met with President Joe Biden at the White House last week to discuss strategies the government and private sector can use together to improve the nation’s cybersecurity. 

Following the meeting, Amazon announced that it will provide eligible AWS customers with access to free FIDO Security Keys. Not only will this protect the burgeoning number of businesses that run on AWS, but it will help instill better authentication practices as these keys can be used across many other business (e.g., G Suite, Github, Dropbox, Stripe) and consumer (Facebook, Twitter, Coinbase, Bank of America) services.

Amazon has been a leading stakeholder in FIDO Alliance for several years now – it is wonderful to see their leadership extended to the market at large. As more businesses move to the cloud, it is absolutely critical that cloud service providers follow suit to protect this critical infrastructure. Threats and attackers are growing in sophistication, and the impacts are non-trivial. Hundreds of millions of personal records are being stolen and resold on the dark web on an alarmingly regular basis. This is a clear and present threat to our economy, our national security and our society.

It’s difficult to name a breach from the past five years that wasn’t tied to stolen credentials. 

The latest prominent attack, which was carried out on Colonial Pipeline, used a single stolen password to essentially cripple the U.S eastern seaboard.

It is important that all businesses take steps to educate and protect their employees and customers from such threats. “Traditional” means of multi-factor authentication (such as OTPs) simply aren’t fit-for-purpose to protect against these attacks, which can financially cripple a company or organization. 

Ultimately, credential-based breaches (like Colonial Pipeline’s) wouldn’t be possible if accounts were protected with FIDO Authentication, which requires local possession of a device with no knowledge-based authentication credentials passed over the network. 

The FIDO Alliance has come a long way since our inception. What started as a whiteboard concept has evolved into technology that is becoming part of the web’s DNA. Virtually every platform and device can now support FIDO Authentication, and there are public SDKs and tools, plus a rich ecosystem of FIDO Certified vendor products and services that can help companies implement FIDO for their sites and apps. 

Amazon’s move to provide free FIDO Security Keys sets a strong – and important – example. We encourage all other cloud service providers to urgently consider following suit by at a minimum enabling FIDO authenticators for admin access to networks.

Download Authn Specs
FIDOアライアンスの最新情報はここからサインアップFIDO関連のニュースをメールのInboxで受信可能です

このフォームを送信することにより、FIDO Alliance, 401 Edgewater Place, Suite 600, Wakefield, MA, 01880, US, http://www.fidoalliance.org からのメールを受信することに同意したことになります。また、各メールの下部にある配信停止リンクを使用することで、いつでもメールの受信に対する同意を取り消すことができます.

Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.