South Korea has eliminated a significant barrier to the usage of the FIDO protocol for passwordless authentication by confirming that it falls outside the scope of a requirement for user consent to process biometrics.

Members of the FIDO Alliance Korea Working Group (FKWG) submitted an official inquiry to the Korea Personal Information Protection Commission (KPIPC), which has responded by stating that the consent rules do not apply to biometric processes performed entirely on user-controlled devices. Since biometric data is not collected, stored or processed by the organization requesting FIDO authentication, the process does not qualify as processing personal information under the Personal Information Protection Act.


More

ComputerWeekly: Data protection practices still poor, survey shows

FIDO Alliance CMO Andrew Shikiar tells ComputerWeekly that the vast majority of breaches are caused…

Read More →

ComputerWeekly: Time to deploy strong authentication, says FIDO

In this ComputerWeekly story, FIDO Alliance CMO Andrew Shikiar explains that with the tools required…

Read More →

Threatpost: Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS

In a Threatpost survey on two-factor authentication, 57% of respondents said hardware tokens like FIDO…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.