Introduces why FIDO membership is beneficial to you - better security, reduced cost, simpler and safer for users. Presented by Brett McDowell, Executive Director of FIDO Alliance
3. All Rights Reserved | FIDO Alliance | 2016 3
Solving the Password Problem
63% of data breaches
in 2015 involved
weak, default, or
stolen passwords
-Verizon Data Breach
Report
Data breaches
expected to reach
1,000 in 2016
up 22% from 2015
-Identity Theft Resource
Center
Each data breach
costs $3.8 million
on average
up 23% from 2013
-Ponemon Institute
5. All Rights Reserved | FIDO Alliance | 2016 5
The FIDO Alliance is an open industry
association of over 250 organizations
with a focused mission:
authentication standards
8. All Rights Reserved | FIDO Alliance | 2016 8
HOW “Shared Secrets” WORK
ONLINE
The user authenticates
themselves online by presenting a
human-readable “shared secret”
9. All Rights Reserved | FIDO Alliance | 2016 9
HOW FIDO WORKS
AUTHENTICATOR
LOCAL ONLINE
The user authenticates
“locally” to their device
(by various means)
The device authenticates
the user online using
public key cryptography
10. All Rights Reserved | FIDO Alliance | 2016 10
Support for Two Authentication Experiences
ENABLES MANY AUTHENTICATION OPTIONS | EACH SERVICE PROVIDER REGISTERS UNIQUE FIDO CREDENTIALS
11. All Rights Reserved | FIDO Alliance | 2016 11
USABILITY, SECURITY, R.O.I.
and
PRIVACY
12. All Rights Reserved | FIDO Alliance | 2016 12
No 3rd Party in the Protocol
No Secrets on the Server Side
Biometric Data (if used) Never Leaves Device
No (*new*) Link-ability Between Services
No (*new*) Link-ability Between Accounts
14. All Rights Reserved | FIDO Alliance | 2016 14
FIDO Development History
FIDO 1.0
FINALFirst
Deployments
UAF & U2FSpecification
Review Draft
FIDO Ready
Program
Alliance
Announced
FEB
2013
DEC
2013
FEB
2014
FEB-OCT
2014
DEC 9
2014
MAY
2015
FEB
2016
Formal
Standardization
JUNE
2015
Certification
Program
New U2F
Transports
DEC
2016
FIDO 1.1
16. Certification Growth
All Rights Reserved | FIDO Alliance | 2016 16
An open competitive market
Ensures interoperability
Sign of mature FIDO ecosystem
250+
FIDO® Certified
products available
today
152
64
32
62
74
108
162
216
253
Apr-15 Jul-15 Sep-15 Dec-15 Mar-16 May-16 Aug-16
TOTAL
17. Leading OEMs Shipping FIDO Certified Devices
S5, Mini Alpha Note 4,5 Note Edge Tab S, Tab S2 S6, S6 Edge S7, S7 Edge Vernee Thor
Aquos Zeta Xperia Z5 Xperia Z5
Compact
Xperia Z5
Premium
Mate 8
V10 G5
Phab2
Pro
Phab2
Plus
Z2, Z2 ProArrows
NX
Arrows
Fit
Arrows
Tab
All Rights Reserved | FIDO Alliance | 2016 17
18. All Rights Reserved | FIDO Alliance | 2016 18
FIDO in Windows & Web Ecosystems
Windows Platforms
Yoga 910
Web
19. All Rights Reserved | FIDO Alliance | 2016 19
Summary: FIDO Authentication Delivers
Better security
for online services
Reduced cost
for the enterprise
Simpler and safer
for users
21. All Rights Reserved | FIDO Alliance | 2016 21
How FIDO Works
Membership
Levels
Technical
Workstreams
Marketing & Adoption
Workstreams
22. All Rights Reserved | FIDO Alliance | 2016 22
Membership Levels
Board
Sets strategy and overall direction for Alliance
Sponsor
Leads development through FIDO working groups & in marketplace
Associate
Annual networking opportunity, participate in broader ecosystem
23. All Rights Reserved | FIDO Alliance | 2016 23
Technical Working Groups
Security
Requirements
“FIDO 2.0”
Technology
Universal
Authentication
Framework
Technology
Universal 2nd
Factor
Technology
24. All Rights Reserved | FIDO Alliance | 2016 24
Membership Value: Technology
• Influence FIDO’s specifications and technical
output
• Gain early visibility into specs to help guide your
product development and/or deployments
• Benefit from the “IPR Promise”
• Network with technical peers across industry
segments
25. All Rights Reserved | FIDO Alliance | 2016 25
“The IPR Promise” Process - 6.2.1.1
“For each Working Group in which one or more Bound Entities
participates, Signatory, on behalf of itself, all its Related Entities and its
and their successors in interest and assigns, promises not to assert its or
its Related Entity’s Granted Claims against any Participant in such
Working Group for its Public Permitted Uses or Working Group Permitted
Uses, subject to the terms and conditions of this Agreement. [...]”
• A reciprocal promise to not assert patents against the
normative requirements in FIDO specification
• Enables unencumbered growth of FIDO ecosystem
http://fidoalliance.org/membership/details
26. All Rights Reserved | FIDO Alliance | 2016 26
Technical Working Groups
Security
Requirements
FIDO 2.0
Technology
Universal
Authentication
Framework
Technology
Universal 2nd
Factor
Technology
Influence
Early
Visibility
Peer-based
Networking
27. All Rights Reserved | FIDO Alliance | 2016 27
Adoption Working Groups
Certification Marketing
Deployment-
at-Scale
Regional
(China,
India, etc.)
Privacy &
Public Policy
28. All Rights Reserved | FIDO Alliance | 2016 28
Membership Value: Marketing & Adoption
• Tap into FIDO’s ecosystem marketing activities
• Reduced fees for certification testing & logo usage
• Take part in FIDO Pavilions at leading industry events
(turnkey, discounted presence)
• Gain insights from Market Research programs
• Engage with experts to drive regional adoption
• Understand and establish deployment best
practices (benefit from early adopter experience)
• Influence, understand and engage on emerging
policy issues
29. All Rights Reserved | FIDO Alliance | 2016 29
The Road Ahead
Web Authentication
Specification Brings
FIDO to the
Platform
Standards Effort
with EMVCo
Client-to-
Authenticator
Protocol (CTAP)
FIDO Gold Server +
New Certification
Programs
32. All Rights Reserved | FIDO Alliance | 2016 32
Membership Application Procedures
• Ready to join?
• Visit https://fidoalliance.org/membership/
• Have more questions (even after our Q&A)?
• Email info@fidoalliance.org
• Follow us @fidoalliance
• Meet us at upcoming Industry events
• https://fidoalliance.org/upcoming-events/