The FIDO Alliance is recapping some of the highlights from day four of its inaugural Authenticate event. The day’s virtual programming placed a particularly strong emphasis on the Alliance’s Biometric Component Certification program, and on updates to the W3C Web Authentication (WebAuthn) specification.
It also explained how FIDO authentication can help organizations navigate the current regulatory environment. Venable LLP Technology Business Strategy Managing Director Jeremy Grant addressed that subject in a session titled “What Regulators Want”, explaining that FIDO standards have become increasingly popular with governments that want to protect their own infrastructure while making sure that their citizens have access to secure services.
Some of the day’s panel discussions expanded on that theme, pointing out that GDPR does not provide any direction with regards to strong customer authentication. Many of the speakers described that as an oversight, and advised organizations to adopt strong authentication practices. Doing so will make it easier to protect people’s right to privacy, especially as governments pass laws that force businesses to be transparent about their use of people’s personal data.
In the afternoon, Google Software Engineer Jeff Hodges explained that the second version of WebAuthn will address some of the bugs that were present in the original. He argued that the specification is important because it supports FIDO2 and helps replace passwords with more reliable forms of authentication.
After that, Yubico Senior Architect for Standards John Bradley explained how WebAuthn’s new Large Blob Storage extension will enable web-based FIDO SSH sessions with encrypted arbitrary data storage. Finally, Auth0 Principal Architect Vittorio Bertocci argued that organizations should implement WebAuthn in stages, and that they should see the benefits of doing so at every step of the process.
“The adoption of WebAuthn is a journey and the standardization was a huge step, but now, we’ve got to roll up our sleeves and help the industry to adopt it,” concluded Bertocci.
WebAuthn became an official web standard in March of 2019.