On-Device Authentication Month: The Primer

May is On-Device Authentication Month at FindBiometrics, in which we are placing a featured focus on the identity solutions that play it close to home, storing and matching personal and biometric data within a device rather than on a remote server. The five week event will culminate with the next entry in our renowned webinar series, Preparing For a Post-Password Internet, which is presented by FindBiometrics and the FIDO Alliance.

The on-device authentication paradigm is widely popular and dynamic – a space of innovation that has the power to change our everyday conception of identity thanks to the proliferation of mobile devices, biometrics and security standards. Before we dive deep into the world of strong online authentication, we need to take inventory, and that’s why we’ve compiled this On-Device Authentication Month Primer, outlining the major topics and trends we will be discussing throughout May.

Check it out:

Privacy By Design

On-Device Authentication Month: The PrimerOne of the key features of on-device authentication is the concept of decentralized credential storage. Each identity credential is stored in a secure element on the device being used to grant access to digital and online accounts. This feature of an on-device authentication ecosystem means that any hack attack must be conducted on a one-to-one basis. There are no massive databases to be hacked, and what’s more: the secure element itself is an enclave separate from a device operating system, meaning any attempt to hack a device will require it to be physically stolen. Because of this, the relying party never touches your credentials either, meaning things like payment information remains private too.

The links to news and interviews below will help further illustrate the benefits of decentralized authentication:

AUDIO INTERVIEW: Trustonic CTO Richard Hayton Talks TEE and Digital Holograms

New GlobalPlatform APIs Connect Biometric Sensors to TEE

Samsung Pass Integrates HYPR’s Decentralized Authentication Solution

Aware Weighs In On Device- Vs. Server-Based Authentication

Fast Identity Online


On-device authentication is more than just an idea, it’s a cross-industry movement driven by global leaders in biometrics, identity, security, mobility, finance and internet services. The FIDO (Fast Identity Online) Alliance is the consortium under which these varied global interests gather and collaborate on the development and implementation of standards aimed at replacing passwords with secure second factor and universal biometric authentication. The following articles will give you an idea of FIDO’s philosophy as well as its recent activity and growth:

AUDIO INTERVIEW: Andrew Shikiar, Senior Director of Marketing, FIDO Alliance at Mobile World Congress 2018

2017 Brought 200% Jump in Nok Nok Labs Billings, Thanks to Growing Interest in FIDO Authentication

Raonsecure and theloop Bringing FIDO-Based Biometrics to Blockchain

Aetna Showcases the FIDO Advantage at HIMSS 18

FIDO Alliance Sees Strong Adoption in Korea

FIDO Alliance Welcomes Amazon to Board of Directors

FIDO Japan Working Group Membership Rose to 25 Companies in 2017

FIDO Authentication Can Complement Federation Protocols

The New Internet

The FIDO Alliance recently unveiled its FIDO2 standards, developed in association with W3C, and they stand to finally make good on FIDO’s longstanding promise to kill the password. Two key standards make up FIDO2, WebAuthn and CTAP (Client to Authenticator Protocol), both of which enable unprecedented reach for on-device authentication applications. In short, WebAuthn promises to enable users of Microsoft Edge, Mozilla Firefox, and Google Chrome browsers to completely do away with usernames and passwords. CTAP is complementary of the standard, allowing for FIDO2 compliant devices like biometric smartphones or security cards to be used as the authenticator in such a scenario, interfacing via Bluetooth, NFC or USB.

This is massive news, and FindBiometrics and Mobile ID World have you covered when it comes to understanding it all with the following articles:

FIDO and W3C Bringing Strong Authentication to Edge, Firefox and Chrome Browsers

What You Need To Know About FIDO2’s Two Key Standards

HID Global Seeks to Leverage FIDO2 for Microsoft Authentication

FIDO2 Hits The Ground Running With Strong RSA 2018 Showing


Who You Are

On-Device Authentication Month: The PrimerWhen it comes to biometrics, on-device authentication is fully multimodal. Fingerprint, face, iris, and voice recognition solutions are all included under the decentralized authentication umbrella, as are new modalities like physiological biometrics. Even when a biometric security solution depends on remote servers, like some behavioral biometrics systems, those can be deployed in support capacities to on-device authentication scenarios.

The articles below will provide insight into how different modalities work as on-device authentication solutions while illustrating the variety available on the market:

Turbi Uses FaceTec’s Biometrics For Car Access

Daon Builds on Success in Hong Kong Banking Sector

TrulySecure Upgrades ‘Nearly Eliminate’ Spoofing Possibilities: Sensory

Zighra Launches On-Device Continuous Authentication System

INTERVIEW: Martin Zizi, and Pierre Pozzi, Aerendir Mobile, Inc.

Samsung Galaxy Note8 Iris Biometrics Powered By Princeton Identity

How Does Face ID Change the Apple Pay Experience?

NexSign Shows How Behavioral Biometrics Can Support FIDO Authentication: BioCatch

What You Have

On-Device Authentication Month: The PrimerNon-biometric security factors also play a role in killing the password. Security keys that work in conjunction with passwords help ensure that even compromised digital credentials aren’t enough to grant access to an account. In line with FIDO’s Universal Second Factor standards, these keys disable the business model of password selling, ensuring any sort of account breach would have to require a stolen physical device as well as a compromised knowledge-based credential.

FIDO Certified U2F Device is a Convenient Solution for GDPR Compliance

Yubico Helps Users Pass on Passwords for Windows 10 Devices

Microsoft is Killing The Password With FIDO2 Compliant Security Keys

Fingerprint Biometrics Featured on New FIDO2-Compliant USB Key

The End of the Password

On-Device Authentication Month: The PrimerThe on-device authentication model benefits from the ubiquity of secure elements and biometrics in the consumer sphere, as well as a great deal of support around the globe, and that’s why it’s such a good bet for finally killing passwords. The technology is literally in users’ pockets, and thanks to FIDO2, it can finally be deployed to do away with the passwords that plague our lives. And passwords do plague our lives. The following articles will give insight into the password problems of today and what a future without them might look like:

‘Password Overload’ Is Pushing Millennials To Reuse Passwords More Than Anyone Else

On World Password Day Remember: Passwords Are Terrible

Multiple Generations Agree It’s Time To Move Beyond Passwords

Majority of Survey Respondents Dissatisfied With Passwords

Passwords Can’t be Hacked if They Don’t Exist: Nok Nok Labs

Businesses Spending More on Cybersecurity, Experts Move ‘Beyond Passwords’


Stay posted to FindBiometrics throughout May as we continue to bring you more On-Device authentication Month coverage. Be sure to sign up for our upcoming webinar, Preparing For a Post-Password Internet, for an in-depth and interactive discussion on the topic with an expert panel.

On-Device Authentication Month is made possible by our sponsors: Nok Nok Labs, Aware, Inc., and Daon.