FIDO case studies showcase biometric logins to eBay and NHS App, first 2021 virtual event announced
The FIDO Alliance has announced plans for its first Virtual Summit of 2021 and published case studies involving a famous online retailer and a government health authority replacing passwords with biometrics or physical tokens.
The first FIDO Alliance 2021 Virtual Summit will delve into ‘Modern Authentication for Financial Services.’ Financial services is a leading industry for adoption of digital transformation and advanced authentication systems.
The webinar will be held on March 25, and feature analysts from Javelin Research and representatives of Visa, StrongKey, eBay, Gemini, Google, Mastercard, JP Morgan Chase and Trusona. A panel will discuss payments and the future of authentication, and attendees will hear tips on securing crypto, leveraging the FDX and FIDO protocols for secure access and data sharing, and considerations and best practices for optimized user experiences of strong authentication.
“Building off of the success of our Authenticate conference last year, we developed the Authenticate Virtual Summit Series to provide informative and interactive content on the role of modern authentication in organizations’ evolving digital transformation plans. Payments, financial services and cryptocurrency are natural focus areas for our first Summit, as these are amongst the leading industries for adoption of modern authentication systems — an imperative that has only accelerated during COVID-19,” says Andrew Shikiar, executive director and CMO of the FIDO Alliance. “We are proud to have such an esteemed roster of financial services industry thought leaders committed to imparting their collective insight, especially as the risks of security breaches remain high and consumers demand increasing convenience.”
eBay and NHS passwordless biometric authentication case studies
The case studies lay out two different approaches to FIDO adoption to suit different organizational needs.
The adoption of FIDO2 and the FIDO UAF protocol for passwordless account access by ecommerce giant eBay is explored in a case study, starting with the common problem of usernames and passwords leaving the platform vulnerable to fraud while also inconveniencing users and generating cost for password resets. OTPs were attempted and found to provide the security desired, but with an associated cost and increased friction for users.
eBay built its own open source FIDO server to process authentications to its mobile app, mobile browser and desktop sites. This approach maximizes control over the user experience and enables better management of other login options, like social logins, according to the post.
As a first step, eBay implemented a push notification flow, and then launched FIDO2 with fingerprint or face biometrics as a primary authentication method. This login method has delivered higher opt-in rates than SMS OTPs, and higher login success rates.
Over the next six months, the company plans to solve the question of how to recover an account if a FIDO authenticator is lost or stolen, which would enable eBay to completely eliminate passwords.
The UK’s National Health Service (NHS) put FIDO authentication into place for its NHS login service based on OpenID Connect, which unifies multiple digital health and social care services.
The NHS App was rolled out in tandem with NHS login, and implemented a user-friendly multifactor authentication mechanism adhering to public services standards and guidelines within a short time frame, according to a separate case study. NHS Digital decided to offer a biometric alternative to SMS OTPs, and determined that the authentication platform would need to be open and scalable to work with the OpenID Connect Authorization Code Flow protocol used by NHS login.
NHS’ in-house team used eBay’s open source UAF server, rewriting the FIDO server to run optimally on AWS Lambda because NHS login uses a serverless architecture. By October, NHS login had been integrated by 20 partners and services, and the NHS App had close to 1.2 million users. Of 32,000 new users per week, 25,000 set up biometric authentication with FIDO UAF, and the number of SMS OTPs sent by NHS Digital has been cut by nearly two-thirds.