CZ.nic is a domain registry organization in the Czech Republic that has been in operation since 1998. The organization manages over 1.3 million domains and is operated as a not-for-profit entity.
In addition to the administration of domain names, CZ.nic is active in the development and deployment of internet technologies as well as identity services.
The Challenge / Use Case:
One of the primary activities of the CZ.nic domain registry is verifying the identity of domain owners. CZ.nic has contact information on well over 800,00 domain owners and administrative contacts.
Verifying and authenticating the integrity of user identities is a key challenge facing CZ.nic. The European Union has a regulation known as Network Information Security (NIS) version 2 (NIS2) that recommends that top-level domain registries like CZ.nic have technology and policies in place to properly verify domain owners.
“There’s a common agreement that illegal content is usually linked to fake identities,” explained Jaromir Talir, technical fellow at CZ.NIC and member of eIDAS Technical subgroup. “In the case of domains, there is definitely the possibility to register fake identities as domain owners.”
To that end, CZ.nic developed the mojeID (my ID) service as a way to authenticate user identities. MojeID serves as a central identity service where an individual identity can be associated with a domain.
MojeID also acts as an identity provider that ties into the European Union’s eIDAS (electronic identification and trust services) approach for an identity system that works across the EU.
How CZ.nic Uses FIDO To Secure Its Users
CZ.nic started out with just a username and password for authentication and realized over time that there was a clear need to have stronger authentication options for users.
In 2018, CZ.nic began evaluating the FIDO U2F specification as a solution for two-factor authentication. In 2019, CZ.nic shifted its focus to FIDO2/WebAuthn as it began to roll out the technology for production deployments.
The use of FIDO2 provides CZ.nic with an extensible framework that works across desktop and mobile operating systems and devices.
With FIDO, CZ.nic is able to provide its users with strong authentication for identity verification. FIDO2/WebAuthn is also a core element of the eIDAS enablement for MojeID, which requires the use of a FIDO authenticator, alongside username/password for access.
As of July 2021, CZ.nic had over 30,000 users with FIDO security keys.