May is On-Device Authentication Month at FindBiometrics, in which we are placing a featured focus on the identity solutions that play it close to home, storing and matching personal and biometric data within a device rather than on a remote server. The five week event will culminate with the next entry in our renowned webinar series, Preparing For a Post-Password Internet, which is presented by FindBiometrics and the FIDO Alliance.
The on-device authentication paradigm is widely popular and dynamic – a space of innovation that has the power to change our everyday conception of identity thanks to the proliferation of mobile devices, biometrics and security standards. Before we dive deep into the world of strong online authentication, we need to take inventory, and that’s why we’ve compiled this On-Device Authentication Month Primer, outlining the major topics and trends we will be discussing throughout May.
Check it out:
Privacy By Design
One of the key features of on-device authentication is the concept of decentralized credential storage. Each identity credential is stored in a secure element on the device being used to grant access to digital and online accounts. This feature of an on-device authentication ecosystem means that any hack attack must be conducted on a one-to-one basis. There are no massive databases to be hacked, and what’s more: the secure element itself is an enclave separate from a device operating system, meaning any attempt to hack a device will require it to be physically stolen. Because of this, the relying party never touches your credentials either, meaning things like payment information remains private too.
The links to news and interviews below will help further illustrate the benefits of decentralized authentication:
Fast Identity Online
On-device authentication is more than just an idea, it’s a cross-industry movement driven by global leaders in biometrics, identity, security, mobility, finance and internet services. The FIDO (Fast Identity Online) Alliance is the consortium under which these varied global interests gather and collaborate on the development and implementation of standards aimed at replacing passwords with secure second factor and universal biometric authentication. The following articles will give you an idea of FIDO’s philosophy as well as its recent activity and growth:
The New Internet
The FIDO Alliance recently unveiled its FIDO2 standards, developed in association with W3C, and they stand to finally make good on FIDO’s longstanding promise to kill the password. Two key standards make up FIDO2, WebAuthn and CTAP (Client to Authenticator Protocol), both of which enable unprecedented reach for on-device authentication applications. In short, WebAuthn promises to enable users of Microsoft Edge, Mozilla Firefox, and Google Chrome browsers to completely do away with usernames and passwords. CTAP is complementary of the standard, allowing for FIDO2 compliant devices like biometric smartphones or security cards to be used as the authenticator in such a scenario, interfacing via Bluetooth, NFC or USB.
This is massive news, and FindBiometrics and Mobile ID World have you covered when it comes to understanding it all with the following articles:
Who You Are
When it comes to biometrics, on-device authentication is fully multimodal. Fingerprint, face, iris, and voice recognition solutions are all included under the decentralized authentication umbrella, as are new modalities like physiological biometrics. Even when a biometric security solution depends on remote servers, like some behavioral biometrics systems, those can be deployed in support capacities to on-device authentication scenarios.
The articles below will provide insight into how different modalities work as on-device authentication solutions while illustrating the variety available on the market:
What You Have
Non-biometric security factors also play a role in killing the password. Security keys that work in conjunction with passwords help ensure that even compromised digital credentials aren’t enough to grant access to an account. In line with FIDO’s Universal Second Factor standards, these keys disable the business model of password selling, ensuring any sort of account breach would have to require a stolen physical device as well as a compromised knowledge-based credential.
The End of the Password
The on-device authentication model benefits from the ubiquity of secure elements and biometrics in the consumer sphere, as well as a great deal of support around the globe, and that’s why it’s such a good bet for finally killing passwords. The technology is literally in users’ pockets, and thanks to FIDO2, it can finally be deployed to do away with the passwords that plague our lives. And passwords do plague our lives. The following articles will give insight into the password problems of today and what a future without them might look like:
Stay posted to FindBiometrics throughout May as we continue to bring you more On-Device authentication Month coverage. Be sure to sign up for our upcoming webinar, Preparing For a Post-Password Internet, for an in-depth and interactive discussion on the topic with an expert panel.