FIDO security keys more secure than SMS-OTP: Study

FIDO authentication represents the best way for organizations to implement simpler, stronger authentication that meets the Reserve Bank of India’s Master Direction on Digital Payment Control requirements, while also enhancing the user experience, states a study by the FIDO Alliance.

FIDO (Fast IDentity Online) is based on binding the device to the user and then using the device to authenticate the user's action. It addresses a variety of use cases, including multi-factor authentication (MFA), and encompasses a set of authentication techniques other than passwords and SMS OTPs. In place of password logins, it enables a secure, stronger user authentication mechanism employing biometrics, tokens, smart cards, near-field communication devices, and many more authentication methods across web and mobile applications.

FIDO standards-based authentication directly addresses authentication problems by providing strong user identity verification and device binding protocols. The Identity Verification and Binding Working Group (IDWG) and the FIDO Alliance have developed newer methods of capturing user credentials and protecting them. The group has also established stricter account recovery processes for when the user’s device is manipulated or lost.

Accounts created with FIDO Authentication in place meet the Know Your Customer (KYC) and Anti-Money Laundering (AML) guidelines while giving the user (a) a strong and simple account onboarding process, (b) strong protection against account takeover attacks (phishing), (c) strong identity verification and assurance, and (d) secure and smooth account recovery.

Strong consumer authentication works on three basic principles: (a) who you are, (b) what you have, and (c) what you know. While SMS OTP covers only one of the criteria (b), traditional PINs/passwords also cover “what you know.” FIDO encompasses both “who you are” and “what you know.”

Traditional authentication mechanisms are vulnerable to man-in-the-middle (MITM) attacks even when multi-factor authentication is employed. Security keys based on FIDO Alliance standards are easier to use and more secure than other forms of MFA, and they solve the problem of MITM attacks by providing cryptographic proof that the user is in possession of the second factor and is interacting with a legitimate service. FIDO protocols are designed from the ground up around user privacy and security. These protocols are device-specific and therefore do not provide information that could be easily tracked by online services, the study points out.
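The "cryptographic proof" described above can be seen in the checks a service runs on a FIDO2/WebAuthn login response; the following is an added illustration, not code from the study or the FIDO Alliance. It is simplified (no CBOR parsing, attestation or signature-counter tracking), and `bank.example`, the look-alike origin and all function names are constructed for the example.

```javascript
// Added example: simplified relying-party check of a FIDO2/WebAuthn assertion.
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();
const RP_ID = 'bank.example';              // constructed relying party ID
const RP_ORIGIN = 'https://bank.example';  // constructed legitimate origin

// Client + security key: the browser records the origin it is really talking to,
// and the key signs authenticatorData || SHA-256(clientDataJSON).
function makeAssertion(privateKey, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData: rpIdHash (32 bytes) | flags (0x01 = user present) | signCount (4 bytes)
  const authData = Buffer.concat([sha256(RP_ID), Buffer.from([0x01, 0, 0, 0, 1])]);
  const signature = sign('sha256', Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature };
}

// Relying party: every check must pass before the login is accepted.
function verifyAssertion(publicKey, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== RP_ORIGIN) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  // Key pair created at registration; the service stores only the public key.
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const challenge = randomBytes(32);
  const legit = makeAssertion(privateKey, RP_ORIGIN, challenge);
  // Assertion produced while the browser was on a look-alike origin (constructed).
  const relayed = makeAssertion(privateKey, 'https://bank.example.login.test', challenge);
  // Same assertion after a relay swaps in clientDataJSON naming the real origin.
  const rewritten = { ...relayed, clientDataJSON: legit.clientDataJSON };
  return {
    legit: verifyAssertion(publicKey, challenge, legit),
    relayed: verifyAssertion(publicKey, challenge, relayed),
    rewritten: verifyAssertion(publicKey, challenge, rewritten),
    replayed: verifyAssertion(publicKey, randomBytes(32), legit),
  };
}

console.log(demo());
```

Unlike an SMS OTP, which is valid wherever it is typed, the signed response is tied to one challenge and one origin, so a copy captured in the middle fails one of these checks.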

PR Newswire