FIDO touts synced passkey deployment for consumer use cases
![FIDO touts synced passkey deployment for consumer use cases](https://d1sr9z1pdl3mb7.cloudfront.net/wp-content/uploads/2023/03/29181452/passwordless-mfa-1024x683.jpg)
The latest white paper from the FIDO Alliance focuses on the emerging practices around the use of synced passkeys. Synced passkeys allow passkey use across devices, syncing passkeys over the cloud.
“This document outlines crucial areas such as registration, authentication, passkey management, and accessibility for relying parties (RPs) to consider and presents a range of emerging approaches for adopting this technology,” says the abstract. “The objective is to guide RPs through these budding strategies, acknowledging that the specifics of ensuring secure and convenient passkey usage may evolve as the digital landscape continues to advance.”
The paper says synced passkeys are still in a relatively early phase of adoption, but use cases are multiplying. “In consumer use cases where consumers are using multiple devices and/or lose a device, it is desirable for the majority of RPs to utilize synced passkeys,” it says.
Those that are will set the tone for further development. “Emerging practices being deployed by some RPs at the time of this writing may become the best practices over time given accumulated experience and evolution in passkey providers.”
The extensive document covers types of passkeys, the difference between cloud-based synced passkeys and device-bound passkeys, the passkey registration process, passkey authentication, passkey management and accessibility.
Still, FIDO is careful to note that the paper is intended as “an initial guidepost” from which to start thinking about a security environment that is constantly evolving. RPs, it says, “are advised to remain agile and continuously reflect on these practices, taking into account the potential shifts in the passkey landscape.”
What you have vs. what you do: BIO-key launches Passkey:YOU
BIO-key International has announced the launch of Passkey:YOU, a biometric FIDO passkey authentication tool aimed at underserved workplace scenarios in manufacturing, retail, healthcare, call center and Sensitive Compartmentalized Information Facilities (SCIFs).
A press release says device-restricted environments present challenges in implementing passwordless or multifactor authentication (MFA). FIDO hardware tokens come with additional costs and are easily lost. Passkey:YOU places biometric authentication hardware at device access points, replacing a FIDO hardware token system with “a simple touch of a shared USB fingerprint scanner or the tap of a standard door access badge to a shared USB NFC scanner connected to any Windows workstation to unlock a managed passkey for the user.” This authenticates the user without the need for a phone or hardware token.
Per the release, in its biometric mode, Passkey:YOU is powered by BIO-key’s Identity-Bound Biometrics, “allowing an unlimited number of users to be their own phish-proof credential, eliminating the need for them to carry any device or token to authenticate and get work done.”
According to BIO-key SVP of Strategy and Chief Legal Officer Jim Sullivan, “mainstream ‘what-you-have’ approaches center on phone apps and hardware key-based passkeys, which don’t work in many workforce user scenarios.” BIO-key says Passkey:YOU cuts lifecycle costs compared to tokens, is easily integrated into existing authentication processes, and is powered by BIO-key’s Identity-Bound Biometrics, which supports over 30 different fingerprint scanners interchangeably with centrally managed and encrypted NIST-certified biometrics.
MojoAuth, LoginRadius launch passkey authentication
A release from MojoAuth announces the launch of its passkey authentication platform with finger and face biometrics. “Passwords have long been the Achilles’ heel of digital security,” says Dev Kumar, Co-founder of San Francisco-based MojoAuth. “Passwordless authentication is the cornerstone of future online security.”
Customer Identity and Access Management (CIAM) vendor LoginRadius has launched passkeys on its platform, leveraging the FIDO2 open standard. The Vancouver company offers SDKs to enterprises for integrating passkeys into apps built with popular libraries, frameworks and languages. Rakesh Soni, CEO of LoginRadius, says “passkeys mark a significant evolution in authentication technology, offering users heightened security and ease of use.”
Intercede authentication to be available to public sector through Carahsoft
Government IT provider Carahsoft Technology Corp. is to serve as “Master Government Aggregator” for digital identity and assurance software company Intercede, making its biometric products available to the public sector through Carahsoft’s reseller partners and NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2) and OMNIA Partners contracts. These include its MyID authentication tool, which includes support for FIDO passkeys.
In a release, Klaas van der Leest, CEO of Intercede, says availability through Carahsoft will help advance its strategic plan to expand in the U.S. “With Carahsoft’s depth and reach in the federal, local government space and educational market we look forward to developing and strengthening our new relationship.”
Article Topics
BIO-key | biometric authentication | biometrics | Carahsoft | FIDO Alliance | FIDO2 | Intercede | LoginRadius | MojoAuth | passkeys | passwordless authentication
Comments