HID embraces FIDO authentication, simplifies enterprise passkey deployment

HID has introduced a new suite of FIDO-certified credentials and a subscription-based Enterprise Passkey Management (EPM) platform designed to help organizations roll out passwordless authentication at scale.

The move comes as a legacy version of multi-factor authentication could be on its last legs with FIDO recommending a fix to the vulnerability of “phishable” MFA. The FIDO Alliance has highlighted that while 87 percent of enterprises are moving toward passkeys, nearly half have yet to deploy citing complexity and cost as hurdles.

“Phishing-resistant authentication isn’t one-size-fits-all,” says Sean Dyon, VP and head of the Authentication Business Unit at HID. “Rolling out passkeys isn’t just about issuing devices, it is about giving security teams the tools to manage them at the enterprise scale, with the same precision as the rest of the identity stack.”

At the heart of HID’s announcement is its EPM solution, which gives IT teams centralized control over provisioning, revocation and audit trails for FIDO credentials. By automating device issuance and offering full lifecycle visibility, HID says it can significantly reduce both the manual effort and end-user training typically required to manage passkeys.

The service is built on open standards to integrate with Microsoft Entra ID and other major identity providers and supports both cloud and on-premises deployments.

HID also expanded its Crescendo portfolio with three new authenticators. HID says the redesigned Crescendo Key features improved ergonomics, LED prompts and support for FIDO2, PKI and OATH protocols. Crescendo Cards combine physical-access badges with passwordless login capabilities in dual-interface or contactless form factors. Lastly, the OMNIKEY 5022 reader offers a cost-conscious, desktop-mounted solution for PC authentication.

HID highlighted its forthcoming one-card solution for unified digital and physical access. Leveraging Seos and MIFARE DESFire EV3 smart-card technologies alongside FIDO 2.1 authentication, the new cards aim to simplify deployments for organizations seeking both building security and phishing-resistant login in a single credential.

Intercede supports FIDO authentication with Enterprise Attestation and Yubico integration

Cybersecurity for digital identities specialist Intercede has rolled out version 12.15 of its credential management system, MyID CMS, becoming one of the first platforms to support Enterprise Attestation under the FIDO authentication framework.

The new release is integrated with Yubico’s YubiKey offering organizations enhanced device control and auditability with the company’s Enterprise Attestation-enabled security keys.

Enterprise Attestation allows IT teams to confirm the identity of each hardware authenticator before granting access to sensitive networks and applications. Unlike standard FIDO deployments, which safeguard user privacy through anonymous attestation, the enterprise model reveals unique device identifiers — similar to serial numbers on PKI smart cards — so administrators can track, manage, or revoke any company-issued key.

“Our customers are often used to the levels of control, management, tracking and traceability that PKI smart cards provide, where each device has a unique serial number that ensures they are only issuing keys that they own,” says Allen Storey, Chief Product Officer at Intercede. “Enterprise Attestation enables FIDO authenticators to be uniquely identified, bringing the increased security and visibility that our high-assurance customers require.”

Alongside attestation support, MyID CMS 12.15 introduces finer PIN management, including minimum PIN length and enforced PIN changes on first use. These features underpin “issue on behalf of” workflows and bolster organizational oversight during device issuance.

Intercede’s partnership with Yubico creates a turnkey ecosystem for large-scale YubiKey deployments. The combined solution targets industries with the strictest security requirements such as government agencies, financial services, healthcare, and critical infrastructure where detailed device tracking and pre-approved authenticator lists are non-negotiable.

In May, Yubico announced the expanded availability of YubiKey as a Service to all countries in the European Union, allowing enterprises to quickly roll out phishing-resistant MFA. Last month, Intercede announced a strategic partnership with Gulf IT to bring its MyID CMS to the Middle East, a region that is accelerating digital transformation.

Intercede and Yubico will host in-depth sessions on Enterprise Attestation implementation at the upcoming Authenticate conference, and a series of online demonstrations covering device enrolment, policy management, and audit reporting is available on Intercede’s website. MyID CMS 12.15 is available immediately to both new and existing customers.

Article Topics

biometric authentication  |  biometric security key  |  biometrics  |  enterprise  |  FIDO Alliance  |  FIDO2  |  HID  |  Intercede  |  passkeys  |  passwordless authentication  |  Yubico