FIDO Authentication in India
By Andrew Shikiar, Senior Director of Marketing, FIDO Alliance
Last month FIDO held our first events in India – half-day seminars in Mumbai and Bangalore. It was an eye opening experience in many ways, and it’s clear that the desire for simpler, stronger authentication spans borders and use cases. The audiences were very savvy and engaged in both sessions – asking pointed questions and sparking fresh ideas that will be brought back into FIDO’s working groups.The Tour was generously sponsored by Persistent Systems and the Data Security Council of India (DSCI), with additional support from Egis Technologies, Feitian, Nok Nok Labs and NXP.
India is home to a bustling economy that is driven by a technology sector providing product development and integration services on a global scale. This economy serves a population that is more connected by the day. In fact, India has passed the United States and is now the second biggest consumer of the Internet (behind China). This latter trend in connecting the previously unconnected is where the Indian government has been very proactive in creating relevant technology policies and initiatives – and also is where FIDO stands to have the greatest impact.
For starters, some key numbers give you a feel for the types of transformations that are possible in India. In telecommunications – just 20 years ago it could take even city-dwellers weeks or longer to get landline service due to the vastness and complexity of the infrastructure. As a result, in 2001 there were less than 37 million fixed and mobile subscribers. Today, however, there are over a billion mobile subscribers and still only 25 million fixed line subscribers – which enables the next frontier for Indian transformation: payments.
While Indian society is clearly becoming increasingly connected, it is still a cash-driven economy with less than 5% of transactions happening electronically as recently as 2014. The country’s goal is to bring this ratio more in line with countries like the United States or United Kingdom, where the majority of transactions are handled electronically. But as more and more people leverage electronic or mobile transactions, opportunities increase for hacking and fraud.
Fortunately, the Indian government is well ahead of the curve on this matter, and has mandated second-factor authentication for all online and mobile transactions. This currently manifests itself via one-time passcodes delivered over SMS, which while certainly better than single-factor does have its usability and security challenges. As part of FIDO’s efforts in India, we will be engaging with leaders in policy and commerce to introduce the added security benefits that FIDO authentication brings to the table versus one-time passcodes (OTPs). In addition, much of India uses PKI and digital certificates to ensure secure online transactions – this is a bulky and time-consuming process that stands to be vastly improved through FIDO authentication.
Successive generations of technology have required users to become more and more savvy. In the context of India and other emerging populations, however, the challenge is to simplify the usage of technology. FIDO, with its option for biometric-based strong authentication, is ideally suited to offer a viable solution. In fact, one of the founding visions for FIDO was to have a solution protecting the next billion users who don’t know what a password is, and who shouldn’t have the pain of passwords inflicted upon them.
These ideals also pertain to the “newly banked” in India – where there are now tens of millions of people using mobile devices to make purchases and small peer- to-peer transactions. This demographic will be conducting mobile transactions before they’ve ever seen a web page or have ever received an email, which makes them particularly susceptible to phishing attacks. Eventually they will receive email – and as 12% of links in phishing emails are currently opened today, there’s a good chance that less experienced users will take the bait. As such, it’s critical that their service providers deploy FIDO authentication solutions which are architected to prevent phishing and man-in-the-middle attacks.
We’re excited to build on this initial foray into India, and in the near future will be launching a dedicated effort in the region in order to support and grow the local FIDO community. Stay tuned for more details!
The Verge: You can now sign into a Microsoft Account without a password using a security key
Microsoft is the first company to support passwordless authentication using...November 20, 2018
Bank Info Security: State of the Authentication Landscape
In this Bank Info Security article, Shane Weeden, an authentication...November 6, 2018
Tech Target: How can U2F authentication end phishing attacks?
Tech Target reports on Google’s adoption of FIDO U2F security...November 5, 2018