VinCSS launches FIDO2 biometric password manager as Alliance issues security key guidance
VinCSS has launched a FIDO2 platform for passwordless password management with biometrics, which the company claims is the first of its kind on the market.
The VinCSS FIDO2 KeyVault uses an HMAC Secret Extension to eliminate the master password from day-to-day use, according to the announcement, limiting master password exposure.
The company notes common user complaints about the poor experience associated with passwords, as well as security shortcomings, and goes on to review the series of hacks and breaches involving traditional password management solutions.
First-time users, or those adding a new vault with the solution, name their vault and select a FIDO2 key, such as a VinCSS FIDO2 Authenticator or another biometric hardware or software key. A private instance method is used for key derivation, and the root secret is held in memory only at the moment the vault is opened, the company says.
VinCSS launched its FIDO2 cloud service in early 2021.
Guidance for security keys
The FIDO Alliance, meanwhile, has published new guidance for optimizing user experiences with FIDO security keys.
The FIDO Security Key UX Guidelines are intended to help accelerate the adoption of FIDO security keys for multifactor authentication (MFA). They were developed through a collaboration between the FIDO Alliance UX Task Force and Blink UX.
“Having reached widespread support for FIDO Authentication across the web, the FIDO Alliance is increasingly focused on ways to grow and ultimately reach mass adoption. One of our primary areas of focus towards this objective is making FIDO more usable and accessible,” says Andrew Shikiar, executive director and CMO of the FIDO Alliance. “We’ve established a FIDO UX Task Force consisting of UX experts from around the globe to conduct research and provide guidance on how to optimize user journeys as users enroll in, and subsequently sign in, with FIDO in various use cases. Today’s guidelines follow our first set of UX guidelines focused on the desktop authenticator user experience, with more to follow. I strongly encourage service providers to leverage these best practices when rolling out FIDO Authentication.”