FIDO Alliance white paper guides enterprise MFA choices, Summit details unveiled
The FIDO Alliance is attempting to win enterprises over to adopting its passwordless access control protocols with multi-factor authentication, while the window to answer a call for speakers at the Alliance’s annual Authenticate conference has been extended. A new partnership extends the availability of enterprise biometric tools for FIDO authentication, and the FBI wants organizations to check the configuration of their MFA implementations.
FIDO Alliance highlights benefits of passwordless for enterprise
The organization has recently published a new white paper aimed at providing companies with an overview of the different use cases available for multi-factor authentication (MFA) and related FIDO passwordless technologies to help enterprises select the most appropriate technology for them.
The 22-page document starts by defining the key properties of FIDO Authenticators, differentiating between roaming and platform authenticators, and providing extra information about FIDO Protocol versions as well as other definitions related to user presence and verification, discoverable credentials, and enterprise attestation.
The white paper then examines ten different use cases using FIDO Authenticators, including user registration and enterprise binding flow, web authentication using FIDO as first or second factor and logging on to a remote computer using FIDO, among others.
Avanade and Feitian partner on FIDO biometric authentication
Cloud specialist Avanade and China-based banking solutions provider Feitian have entered a new partnership focusing on the deployment of FIDO-based hardware keys, which feature biometrics powered by Fingerprint Cards.
As part of the new collaboration, Avanade will deploy Feitian’s biometric FIDO solutions, which feature Bluetooth Low Energy and Near Field Communication (NFC) technologies to deliver passwordless authentication.
Since Feitian is a member of the Microsoft Intelligent Security Association (MISA), the deployment will also integrate with Microsoft Azure Active Directory, to enhance cloud security further while also simplifying IT administration workflows.
FIDO Alliance announces commerce-focused virtual summit
Sponsored by Daon, Keyless, and Nok Nok, the event will represent the organization’s first in the Authenticate Virtual Summit series of 2022. The deadline for applications to present at the event has also been extended from earlier this week to March 22, 2022.
The session will enable attendees to hear from industry experts on the authentication challenges facing all commerce stakeholders, and how they can be tackled using FIDO authentication.
Registration is free, with the event taking place in two airings on March 30 and 31, respectively.
FBI warns of MFA flaw used by Russian state hackers
While MFA is one of the most secure forms of authentication at the time of writing, the technology is still subject to vulnerabilities.
In fact, Bleeping Computer reports the FBI has warned the international security community of vulnerabilities arising from misconfigured default MFA protocols, and how they have reportedly been exploited by Russian state-backed hackers.
The alleged attacks have been carried out against an unnamed non-governmental organization (NGO) using a brute-force password-guessing attack to access an un-enrolled and inactive account, the agency says.
After gaining access, the Russian-backed threat actors managed to move laterally (from one user to the other), gain access to the cloud storage and email accounts, and exfiltrate data.
To prevent attacks such as this in the future, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint cybersecurity advisory.