In this discussion, G. Mark Hardy and Nishant Kaushik explore the necessity of moving beyond traditional passwords, which they define as the original sin of cybersecurity due to their vulnerability to credential stuffing and phishing attacks. Kaushik explains that the FIDO Alliance promotes a passwordless future by replacing shared secrets with asymmetric cryptography, utilizing private keys stored on smartphones or hardware tokens like YubiKeys to ensure phishing-resistant authentication. The conversation highlights that identity is the new perimeter, shifting the focus from human-memorized codes to biometric verification and device-bound passkeys that verify user presence. Ultimately, the experts warn that a secure transition must include robust account recovery flows, as failing to secure the “back door” renders even the most advanced cryptographic-based authentication vulnerable to exploitation.


More

Cyberscoop: NIST urged to include multi-factor authentication in cyber framework

In this Cyberscoop article, FIDO Alliance Executive Director Brett McDowell and Jeremy Grant of the…

Read More →

Cyberscoop: It’s time to put multi-factor authentication in the NIST Cyber Framework

In this article in Cyberscoop, Executive Director Brett McDowell explains why multi-factor authentication is a…

Read More →

The Paypers: You can now meet PSD2 authentication requirements while improving user experience

In this article in The Paypers, FIDO Alliance Executive Director Brett McDowell explains how FIDO…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.