Centrify introduces FIDO2 standards for biometric passwordless authentication
Centrify has implemented the FIDO2 Web Authentication API to enable biometrics and other passwordless authentication methods for privileged administrator logins, the company announced.
Customers no longer have to rely on passwords and can leverage biometric elements such as fingerprint or facial recognition for strong authentication and a frictionless experience. FIDO2-based authentication boosts security when accessing and managing hybrid infrastructures.
FIDO2 is the most recent standard released by the FIDO Alliance to authenticate devices to online services in mobile and desktop environments. It works with different biometric methods and platforms including Apple Touch ID and Face ID, and Microsoft’s Windows Hello.
Passwordless authentication establishes unique login credentials which are never stored on a server or transmitted from a user device, reducing phishing risks, password theft and replay attacks.
“Centrify’s support for the FIDO2 standard, along with our existing multi-factor authentication and real-time analytics capabilities, now offer stronger authentication factors to verify privileged user identities, greatly reducing the risk of security breaches that might exploit weak, default, or stolen passwords,” said Jeremy Stieglitz, vice president of Product Management at Centrify, in a prepared statement. “The reality is that out-of-sync passwords can hamper employee productivity, interrupt IT operations, and compromise security. Our new biometric support adds an additional roadblock for attackers while removing barriers for administrators to authenticate without the need for passwords.”
Centrify is a member of the FIDO Alliance and had already introduced passwordless access to systems using ephemeral tokens as part of its Privileged Access Service. Biometrics reduce risks and ensure alignment with NIST 800-53 high-assurance authentication controls, the company notes. On-device authenticators that can be used for multi-factor authentication are also part of the company’s product portfolio.