Passkeys have made real progress in reducing phishing risk, but they do not tell an organisation much about the device being used to create a credential – whether it was issued by the company, or simply bought independently by an employee and registered without oversight. HID’s Enterprise Attestation, now available across its Crescendo range of FIDO2-certified smart cards and security keys, is designed to close that gap.

The capability, built on the FIDO Alliance’s WebAuthn and CTAP specifications, works at the point of passkey registration. When a device attempts to enrol, the system checks for a certificate that ties it to a known, company-issued authenticator. If that certificate is absent or unrecognised, enrolment is blocked by policy. If it passes, the user sees no change to their login experience – the governance layer operates entirely in the background.

That last point matters. The friction introduced by security controls is a persistent adoption barrier, and one that Enterprise Attestation appears to have been deliberately designed around. According to the FIDO Alliance’s own deployment research, strict regulatory requirements are cited by around a fifth of organisations as a significant obstacle to enterprise passkey adoption. Being unable to distinguish a company-issued authenticator from a personal one purchased independently by an employee does not help that situation.

Enterprise Attestation is supported by identity platforms including PingOne, and operates within standard FIDO workflows rather than requiring proprietary authentication flows or application changes. For security teams, the result is a verifiable, auditable record of every device granted access at registration – without locking into a non-standard implementation.

The capability is relevant across regulated sectors including financial services, healthcare and critical infrastructure, and aligns with compliance frameworks such as the EU’s NIS2 Directive and DORA, as well as Zero Trust architecture requirements. HID is an active participant in the FIDO Alliance Enterprise Deployment Working Group, which continues to develop the standards underpinning this area.

