The problem today is that no agreed set of standards exists. We have widely disparate views of what these should be. Everybody has their own favourites. In one camp, we have people who believe the future is a completely new set of digital identity technologies: blockchains, DIDs, new cryptographic algorithms, and the DIDComm protocol stack (which is really little more than S/MIME with onion routing), and those like myself who believe we should build the verifiable credential digital identity eco-system on today’s existing ubiquitous standardised protocols and cryptography, such as X.509, OpenID Connect, W3C Web Authentication (FIDO2) and JWTs.


More

Communications of the ACM: Passkeys unlock a new era for authentication

Until recently, replacing passwords has ranked somewhere between tricky and impossible. Passkeys completely eliminate passwords,…

Read More →

SC Media: What should Musk do to better secure Twitter users after 2FA goes away?

While Twitter CEO Elon Musk has defended the move to ban 2FA for non-subscribers as…

Read More →

SC Media: GitHub to roll out 2FA for all contributors starting March 13

GitHub will begin its official rollout of two-factor authentication for developers who contribute code on…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.