Tip of the Day: Say Hello to FIDO Devices

Today's tip...

The FIDO (Fast Identity Online) alliance is a collection of companies including Microsoft, Google, PayPal, and hundreds of others, all working together to solve the shortcomings of passwords. Motivations driving this work include:

  • Weak or stolen passwords account for approximately 76% of all network intrusions.
  • In surveys, 81% of respondents reported using the same password across multiple endpoints.
  • Data surveys show approximately 50% of enterprise help desk calls are for password resets.

The alliance has introduced the FIDO 2.0 open standard to transition users from proving their identity with something they know (passwords) to using something they have such as a physical security key. These physical FIDO 2.0 security keys come in a variety of form factors, whether that be a card, fingerprint protected USB dongle, phone, etc. The device need only implement the FIDO 2.0 standard and the underlying CTAP (Client To Authenticator Protocol) transport protocol to work with the FIDO 2.0 authentication scheme on accommodating platforms such as the Windows client operating system. Extending the capabilities of Windows Hello