Target is a retailer with locations across the U.S as well as online ecommerce operations. Target also provides loyalty and credit card services to its customers.
The Challenge/ Use Case
The initial use case for FIDO at Target was to help enable a secure login experience across applications at the company, as part of a broader platform modernization effort.
Target’s challenge was to provide a consistent and secure login experience across applications at Target, to provide a seamless experience to its users.
“We had to reduce friction, wherever possible, be it in the authentication flow by reducing the dependencies on passwords, or in the onboarding process by making it easier for applications and business owners to easily consume the enterprise authentication services,” explained Nataraj Rao, Principal Engineer for Security Solutions at Target.
How Target Uses FIDO To Secure Its Users
Target initially integrated a FIDO server with its Single Sign On (SSO) platform to provide multi-factor strong authentication capabilities.
“Support for a wide variety of authenticators makes it possible for team members to choose from a wide variety of authenticators and avoids a scenario where they are not able to move forward, just because they did not have a specific authenticator at that time,” Rao said.
With a solid understanding of how FIDO works and how it can be integrated with Target’s systems there are multiple use cases where it can be deployed. Among those use cases is for providing additional verification, in a multi factor authentication flow. FIDO can be used as the primary authenticator and can completely eliminate passwords from the login equation. It can be used for native authentication to mobile applications, providing a very intuitive login experience for Target’s mobile users.
FIDO2 in particular has been useful for Target as it’s integrated into most modern web browsers without the need for users to install any third-party software or plugin on their devices or browsers.
With FIDO, Target is able to provide a better authentication experience for its users and is taking steps toward enabling a passwordless future.
“We all know that it’s not easy to get rid of passwords immediately,” Rao said. “But let’s all take a step towards it.”