How FIDO2 Can Streamline Passwordless Tech, Account Recovery

Superlunar's Nick Steele on How Passkeys, Conditional UI Benefit Credential Sharing
Nick Steele, head of research, Superlunar

The FIDO2 standard has driven not only the adoption of multifactor authentication but also the embrace of passkeys and conditional UI, says Superlunar's Nick Steele.

FIDO2 will help users adopt passwordless flows on their browsers and laptops while protecting websites with public key credentials in a way that wasn't possible before. Passkeys, meanwhile, make it easier to share credentials for the same website between a phone and a browser, and they lower the barrier for account recovery. Conditional UI prompts users to log in with passkeys when available, he says (see: FIDO Panel: Remember, Passwordless Is All About Usability).

"FIDO2 allows us to have unique and scoped credentials which are specific to a single website," Steele says. "If an attacker was to get ahold of that credential, it's unique to that website so they wouldn't be able to relate it to any other website and they couldn't actually do anything with it. What an attacker would get is a public key, which is kind of useless. An attacker would gain very little from having that."

In this video interview with Information Security Media Group from the FIDO Alliance's Authenticate 2022 conference, Steele also discusses:

  • How FIDO2 helps drive adoption of multifactor authentication;
  • The significance of passkeys and conditional UI in authentication;
  • How passkeys can help organizations streamline account recovery.

Steele leads research for Superlunar, a private New York-based R&D group. A security researcher and identity expert from Brooklyn, New York, he works with the World Wide Web Consortium as a contributor and co-chair and has been working with W3C on the WebAuthn standard since 2017.

About the Author

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.
