The FIDO Alliance has released a new set of user experience (UX) guidelines for organizations that want to enable FIDO authentication for their customers. The guidelines were put together to encourage more people to make the switch to passwordless methodologies, serving as an implementation roadmap that organizations can follow to boost adoption rates and maximize the number of people who log in with FIDO technologies.
The first batch of guidelines specifically concerns FIDO authentication on desktop devices, though the Alliance is planning to roll out additional guidelines that will address other environments. In that regard, the Alliance noted that many devices and web browsers now offer built-in support for the FIDO protocols, and that the guidelines will seek to take advantage of that to make it easier for organizations to get set up with a FIDO system.
Blink UX led the consumer research sessions that led to the creation of the guidelines. The firm acted as a third-party partner, though the research was carried out with input from UX experts working for FIDO Alliance member organizations.
In other news, the Alliance also released updated versions of its FIDO2 specifications. WebAuthn Level 2 (as approved by the World Wide Web Consortium) and CTAP 2.1 (as approved by FIDO) will introduce enterprise attestation, which will help IT departments keep track of the FIDO authenticators issued to employees. The attestation feature will help administrators bind an authenticator to an account with streamlined biometric enrollment, and simplify credential management with improved tracking functions.
The FIDO2 updates are being rolled out to help combat the rising volume of phishing attacks, which corresponds to the recent increase in remote traffic. The UX guidelines are expected to be particularly beneficial to organizations in the financial sector, while the FIDO2 specifications will promote strong authentication principles and enterprise security more generally. The specifications will also support resident credentials, cross-origin iFrames, and Apple attestation.