June 25, 2019 – June 28, 2019
A well-known industry event, Identiverse gathers leading professionals and vendors with an unparalleled educational track. FIDO Alliance is proud to be an official Industry Partner again this year.
Make sure to stop by our booth when you attend Identiverse 2019. We are presenting and featured in a number of Master Classes and Sessions.
Google Presents: Democratizing phishing-resistant FIDO technology
Tuesday, June 25|10:30am – 11:20am|Masterclass| Georgetown
Christiaan Brand, Product Manager: Security & Identity, Google
Phishing is the #1 security problem on the web. According to Verizon 2018 Data Breach Investigations Report, 41.6% of breaches occurred as a result of stolen passwords, phishing, and pretexting. The industry’s collective response to this problem has been multi-factor authentication, but implementations are fragmented and most still don’t adequately address phishing. Google has been working with the FIDO Alliance since 2013 and, more recently, with the W3C to implement a standardized phishing-resistant FIDO2 protocol that can be used by any web application. This session will demystify FIDO2 and run through new, exciting user journeys enabled by these protocols to make FIDO2 available to more people.
Client Defined Key binding
Tuesday, June 25||Session| Jefferson
Michael Engan, Principal Systems Architect, T-Mobile
As an IDP we are moving users away from static passwords, by rolling out FIDO security keys. Likewise, we have been shifting our RP/SP’s away from client secrets and towards registered JWK public keys. The OIDF standards now enable clients to use proof of key signatures in both the Authorization and Token endpoints/calls. With this presentation, I will review suggested changes to enable clients to re-use the same keys to secure user info or any other API services. Likewise, we can show how Client instances can
Federating FIDO through a Blockchain
Tuesday, June 25| 16:00pm – 16:25pm| Session| Monroe
Manah Khalil, IT Director – Application Security; Verizon Communications, Inc.
The FIDO implementation addresses well the problem of having and managing multiple passwords. However current FIDO implementations are limited to one RP at a time, forcing the adoption of federated authentication through one IDP to handle auth for multiple RPs. The Facebook/Google sign-in issues in 2018 have demonstrated that a single IDP cannot be trusted to power the Internet. In my
The State of FIDO
Tuesday, June 25| 17:00pm – 17:25pm| Session| Georgetown
Andrew Shikiar, CMO, FIDO Alliance
An overview of the current state of the FIDO standard; adoption; and a glimpse into the future.
Envisioning Authentication Beyond FIDO
Tuesday, June 25| 17:35pm – 18:00pm| Session| Georgetown Rajiv Dholakia & Rolf Lindemann, Nok Nok Labs
The outlines of FIDO were first discussed at Cloud Identity Summit in Vail. Six years on, it is a firmly established standard with over a billion users using it every day through major brands they interact with. FIDO was conceived as a building block for strong identity & authentication practices and there are applications that range from consumer to enterprise to IoT in wide deployment. How do we think about strong authentication & user identity and experience in a world where hardware-based strong user authentication is ubiquitous? How should one augment FIDO based authentication and what are the key additional building blocks required for a successful deployment at scale? What user journeys are easy and which are hard within the current authentication landscape? This talk from one of the inventors of FIDO will provide a view of the authentication landscape, its projected evolution and best practices to achieve authentication nirvana.