Cloud Identity Summit Recap: FIDO Authentication is Critical to the Present and Future of Identity
Andrew Shikiar, Senior Director of Marketing, FIDO AllianceThe FIDO Alliance team is back from a productive week at Cloud Identity Summit (CIS), the event focused on the past, present and future of identity management and security. Given the sessions lineup and the chatter on the show floor, it was clear that FIDO is top of mind for all of the main players contributing to the future of identity. Here are our top three takeaways from the show:
- Identity leaders are recognizing that open FIDO standards are a key component for the future of identity. Many sessions at CIS focused on FIDO’s role in creating an intelligent identity ecosystem, including a keynote from Microsoft’s Alex Simons and Nitika Gupta that previewed FIDO-based passwordless login simply by touching a FIDO security key. This is just one example of the future of authentication with FIDO, which provides user-friendly, privacy-aware user experiences (spanning biometrics, security keys, wearables and more) across platforms to meet varying requirements.
- Executives in the identity space are eager to stay up-to-date on FIDO Authentication. This was apparent by the attendance at the FIDO workshop on the first day, which provided a number of updates and case studies from members and other key stakeholders in the FIDO ecosystem. It also was apparent by the heavy traffic and great conversations at the FIDO pavilion featuring FIDO members Feitian, Hypersecu, Gallagher and Nok Nok Labs, as well as members’ booths from companies including Yubico and Microsoft.
- Policy is evolving to keep up with the changing nature of authentication. In his session, FIDO Alliance Executive Director Brett McDowell talked about the changing nature of authentication and the ways that policy must — and is — evolving to keep up. For one example, “old” strong authentication required that authentication factors be sent over different channels and/or devices, while modern authentication takes advantage of new security properties in most consumer devices to create separation between “what you have” and “what you are” authentication factors to allow for true strong authentication on a single device. McDowell pointed to several examples of policy recognizing this, including U.S. NIST/OMB guidance and the European Banking Authority’s PSD2.
At the show, we also learned that the conference will evolve and be rebranded as Identiverse for 2018. According to the event’s founder and Ping Identity CEO Andre Durand, “Our event’s name is changing, but the mission stays the same. Cloud Identity Summit served us well. But it’s time to embrace something bigger — a community, an Identiverse that lives year-round, and still summons the brightest minds in identity and security to gather once a year.”
The FIDO Alliance and FIDO Authentication are now clearly an integral part of this flourishing community, and we are happy to contribute our brightest minds to the collective Identiverse.
The Verge: You can now sign into a Microsoft Account without a password using a security key
Microsoft is the first company to support passwordless authentication using...November 20, 2018
Bank Info Security: State of the Authentication Landscape
In this Bank Info Security article, Shane Weeden, an authentication...November 6, 2018
Tech Target: How can U2F authentication end phishing attacks?
Tech Target reports on Google’s adoption of FIDO U2F security...November 5, 2018