RSA has unveiled new passwordless and phishing-resistant authentication capabilities, showcasing these innovations at the Gartner Identity & Access Management Summit 2024. The company has released version 4.5 of its RSA Authenticator app for iOS and Android, which has achieved FIDO2 certification, joining a growing roster of authentication solutions embracing this security standard.
The updated authenticator app implements device-bound passkeys, which remain stored on a single device to maintain security. This approach aligns with the broader industry movement toward passkey adoption in enterprise environments. JC Laurent, the product manager responsible for this feature, explains that the passkey capability represents months of development focused on combining security with user experience.
The device-bound passkey solution aims to minimize friction during both registration and authentication processes while maintaining compatibility with existing IT infrastructure. The system requires users to have Android 14 or later, or iOS 17 and later, along with an active internet connection and Bluetooth capability on their devices. This release follows similar moves by major tech companies, including Microsoft’s announcement of native passkey support coming to its Authenticator app in 2025.
RSA’s new authentication solutions align with emerging regulatory requirements worldwide. These include the Australian Signals Directorate’s “Essential Eight” guidelines, which mandate phishing-resistant multi-factor authentication, and the Central Bank of Brazil’s cybersecurity requirements for financial institutions. This regulatory alignment reflects a global trend toward stronger authentication standards in response to evolving cyber threats.
The RSA Authenticator app V4.5 features enhanced administrative controls and improved user onboarding processes. The company’s development roadmap includes plans for expanded mobile passkey functionality, enhanced directory management capabilities, and the integration of AI and machine learning to help security administrators address emerging threats. This development follows the broader industry trend of incorporating advanced phishing-resistant authentication mechanisms into security solutions.
When users register the RSA Authenticator App with RSA My Page, they can register for the ‘RSA Authenticate’ method using OTP, QR Codes, or Push notifications, and register their device as a passkey. However, some mobile devices running Android 14 and later may not support the technical features required for passkey functionality, highlighting the ongoing challenges of implementing new authentication technologies across diverse device ecosystems.
Sources: RSA, RSA Blog, RSA Resources, RSA Products and Solutions Blog
Follow Us