FIDO Series Part 1: What is FIDO Passkey and Why is it Important?
Cybercrime is an enormous problem in today’s world and continues to grow at an exponential rate. In fact, according to Cybersecurity Ventures, the cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to a whopping $10.5 trillion by 2025.
One of the main enablers for the escalation in cybercrime is the over-reliance on passwords. According to the FIDO (Fast Identity Online) Alliance, passwords are the root cause of more than 80% of data breaches. This is because passwords can easily be phished, intercepted in transit, and uncovered via a variety of attacks. Further, users are often overburdened with remembering passwords across, on average, 90 different online accounts. It’s no surprise then that 51% of people re-use non-complex passwords across multiple accounts. As a result, weak or re-used passwords are effortlessly accessed by criminals. So, rather than execute complex hacks, threat actors simply log in to accounts to execute cybercrimes. The good news is, there is a better way: passwordless authentication, also known as phishing-resistant Multi-Factor Authentication (MFA).
What is FIDO Passkey?
The FIDO Alliance is currently developing FIDO – a passwordless authentication method that is a global standard based on public key cryptography – to help reduce the world’s over-reliance on passwords. Their latest innovation is FIDO passkey, a new, universal authenticator that acts as a replacement for passwords. Since FIDO in general, and passkeys in specific, do not leverage shared secrets anywhere in the authentication process, they are resistant to phishing. As they also protect against MFA credential attacks (as described by CISA), passkeys are designed to meet federal phishing-resistant MFA specifications.
In short, FIDO passkey is a new type of authenticator that can be securely stored on a YubiKey or a smart card. It provides a way for users to more quickly, easily, and securely sign in anywhere – from desktops to websites to applications – using phishing-resistant FIDO sign-on credentials.
How Does FIDO Passkey Work?
Passkeys are typically managed by phone or computer operating systems that are then automatically synced between the user’s devices via a cloud service. An encrypted copy of the FIDO passkey is also stored via a cloud service.
To use FIDO passkey, a user can sign in to a website or application by using biometric data, such as a fingerprint or facial recognition, or by entering a PIN. FIDO sign-ins with passkeys can be designed to be available from a single device, known as a single-device passkey or from multiple devices (multiple-device passkeys), depending on the use case. By using passkeys, users have access to their FIDO sign-on credentials across their devices, including new devices, without the inconvenience of having to re-enroll in a new account for every device, application, and more.
What The Future Holds and Axiad’s Approach to FIDO
FIDO is used today among some of the world’s largest companies and governments to increase their authentication security from end-to-end. Many large tech companies are part of the FIDO Alliance, including not only Apple, Google, and Microsoft, but also Amazon, Intel, Samsung, VISA, American Express, PayPal, and many more. In fact, in May 2022, Apple, Google, and Microsoft announced plans to support FIDO passkey, indicating that it will likely become the gold standard in authentication technology in the future.
Axiad is also heavily committed to FIDO. In February 2023, we announced the company has been formally appointed to the FIDO Alliance Board with Karen Larson, our senior director of strategic partnerships and alliances, serving as the company’s primary board delegate.
Because general availability for FIDO passkey has not yet been announced, for the time being, we are taking an approach we call “Pragmatic FIDO.” To us, that means supporting the FIDO framework today while planning for FIDO passkey AND leveraging methods that span use cases not provided by FIDO such as Axiad’s Certificate-Based Authentication (CBA), which is driven from a unified Axiad Cloud Platform. To make that vision a reality, based on our ongoing commitment to FIDO, we will extend our existing FIDO and FIDO2 compliant authentication methods with FIDO passkey to help our customers set a new bar for authentication security and convenience with their end users.
Until then, we hope you’ll join us in our journey as we help organizations future proof their authentication needs with FIDO. For additional information, please request a demo with one of our experts to see how it works and witness the power of our platform for yourself.