June 25 – June 28
A well-known industry event, Identiverse gathers leading professionals and vendors with an unparalleled educational track. FIDO Alliance is proud to be an official Industry Partner again this year.
Make sure to stop by our booth when you attend Identiverse 2019. We are presenting and featured in a number of Master Classes and Sessions.
Don’t Miss These Sessions Featuring FIDO Authentication
Google Masterclass: Democratizing Phishing-Resistant FIDO Technology
Tuesday, June 25 | 10:30am-11:20am
Christiaan Brand, Product Manager: Security & Identity, Google
Phishing is the #1 security problem on the web. According to Verizon 2018 Data Breach Investigations Report, 41.6% of breaches occurred as a result of stolen passwords, phishing, and pretexting. The industry’s collective response to this problem has been multi-factor authentication, but implementations are fragmented and most still don’t adequately address phishing. Google has been working with the FIDO Alliance since 2013 and, more recently, with the W3C to implement a standardized phishing-resistant FIDO2 protocol that can be used by any web application. This session will demystify FIDO2 and run through new, exciting user journeys enabled by these protocols to make FIDO2 available to more people.
Bake Your Own App-layer Proof of Possession
Tuesday, June 25 | 15:15pm-15:40pm
Michael Engan, Principal Systems Architect, T-Mobile
As an IDP we are moving users away from static passwords, by rolling out FIDO security keys. Likewise, we have been shifting our RP/SP’s away from client secrets and towards registered JWK public keys. The OIDF standards now enable clients to use proof of key signatures in both the Authorization and Token endpoints/calls. With this presentation, I will review suggested changes to enable clients to re-use the same keys to secure user info or any other API services. Likewise, we can show how Client instances can user runtime keys to secure these calls. While providing similar protections that the TLS token binding standards have pursued this method will allow spanning TLS tunnels and enables applications to sign a transaction as it passes through multiple service layers.
Ping Identity Masterclass: Implementing Passwordless Authentication with FIDO-based, Intelligent MFA
Wednesday, June 26 | 14:00pm-14:50pm
Dana Weinbaum, Senior Product Manager, Ping Identity| Janna Gurevich, Product Manager, Strong Authentication & Mobile, Ping Identity
Advancements driven by FIDO are enabling universal, passwordless experiences and broader adoption of MFA. In this session, you’ll learn how to enable passwordless login to Windows devices and web applications using authenticators like Windows Hello, the PingID mobile application, and even a FIDO-compliant smart ring. You’ll also learn how to enable adaptive authentication using intelligence sources such as IP geo-velocity, IP reputation and user and device risk scores to enable better security and improve user experiences.
Is Your 2FA Broken?
Wednesday, June 26 | 16:25pm-16:50pm
John Bradley, Senior Architect, Yubico
Improvements in phishing techniques are reducing the effectiveness of some second-factor techniques. This session will look at how effective various second-factor techniques are against advanced phishing threats. We will look at NIST SP-800-63-3 guidance on how threats can be mitigated and what attacks are currently being used against the multiple levels of authentication assurance. Phishing techniques effective against OTP and push notification second-factor methods will be demonstrated.
The State of FIDO
Wednesday, June 26 | 17:00pm-17:25pm
Andrew Shikiar, Executive Director & CMO, FIDO Alliance
FIDO2 open standards, developed by the FIDO Alliance in partnership with the World Wide Web Consortium (W3C), allow the consumer electronics industry to build support for easy-to-use, phishing-resistant FIDO authentication directly into their products and platforms. Including the passwordless and second-factor use cases from first generation standards FIDO U2F and FIDO UAF, FIDO2 provides the end-to-end interoperability between devices and online services needed to finally put us past passwords for good. In this session, Andrew Shikiar will provide an overview of the FIDO2 vision for authentication and where adoption is to date, including: browser and platform support; supporting products and certification programs; and deployment by online services. In addition, Shikiar will give a sneak peek into new initiatives to bring the standards development and certification expertise of the FIDO Alliance to new work areas.
Envisioning Authentication Beyond FIDO
Wednesday, June 26| 17:35pm-18:00pm
Rajiv Dholakia, VP Products, Nok Nok Labs| Rolf Lindemann, CTO & Director Products, Nok Nok Labs
The outlines of FIDO were first discussed at Cloud Identity Summit in Vail. Six years on, it is a firmly established standard with over a billion users using it every day through major brands they interact with. FIDO was conceived as a building block for strong identity & authentication practices and there are applications that range from consumer to enterprise to IoT in wide deployment. How do we think about strong authentication & user identity and experience in a world where hardware-based strong user authentication is ubiquitous? How should one augment FIDO based authentication and what are the key additional building blocks required for a successful deployment at scale? What user journeys are easy and which are hard within the current authentication landscape? This talk from one of the inventors of FIDO will provide a birds-eye view of the authentication landscape, its projected evolution, and best practices to achieve authentication nirvana.
Netflix’s Journey with WebAuthn
Wednesday, June 26 | 17:35pm-18:00pm
Jerrod Chong, Chief Solutions Officer, Yubico| Tejas Dharamshi, Sr. Security Software Engineer, Netflix Inc.
As we look toward a future consumed by a growing number of data breaches, using W3C Web Authentication open standards for strong authentication to protect identities is an obvious choice for businesses. Join this session to hear and see how Yubico and Netflix worked together and collaborated on a move to modern strong authentication while maintaining a frictionless user experience. As a core contributor to FIDO2 and Web Authn – new open authentication standards allowing for passwordless login – Yubico will provide an overview of these standards including cryptography advancements that bridge the gap between usability and security. Netflix will highlight how enterprises can offer secure privacy-preserving open standard authentication options for users, without compromising on usability.
MFA for Real – Reports from the Field
Friday, June 28 | 10:30am-11:20am
Andrew Shikiar, Chief Marketing Officer, FIDO Alliance| John Fontana, Standards and Solutions Analyst, Yubico| Marcio Mello, Director and Head of Product, Intuit| Michael Engan, Principal Systems Architect, T-Mobile
Our panel of experts will share their experiences of deploying FIDO solutions at scale. Come and find out how it’s done!