FATF Highlights FIDO Standards in Latest Digital Identity Guidelines

The FIDO Alliance is calling attention to a recent report from the Financial Action Task Force (FATF). The FATF is composed of international financial regulators, and FATF Recommendations set the industry standard for anti-money laundering and counter-terrorist financing best practices.

In that regard, the organization’s latest “Guidance on Digital Identity” is noteworthy because it placed a particular emphasis on FIDO Authentication. For the first time, the FATF incorporated authentication into its guidelines for customer due diligence, especially for financial institutions that are opening new accounts for people with digital identity credentials. The report listed FIDO as an approved form of authentication, then went on to imply that FIDO’s passwordless authentication protocols are superior to the legacy alternatives.

“Passwords or passcodes, which are supposed to be ‘shared secret’ knowledge authenticators, are vulnerable to brute-force login attacks, phishing attacks, and massive online data breaches, and are very easily defeated,” reads the FATF report. “Phishing-resistant authenticators where at least one factor relies on public key encryption (e.g., authenticators built off PKI certificates or the FIDO standard) can help combat these vulnerabilities.”

According to the FIDO Alliance, the FATF report is yet another indicator of the growing support for passwordless authentication. Nearly every major web browser introduced support for FIDO2 standards in 2019, and Apple finally joined the Alliance earlier this year. The World Economic Forum also promoted FIDO standards during its annual meeting in Davos.