IBM: Hey FIDO, Meet Passkey!.pptx
•Descargar como PPTX, PDF•
2 recomendaciones•1,055 vistas
FIDO RSAC Presentations
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a IBM: Hey FIDO, Meet Passkey!.pptx
Similar a IBM: Hey FIDO, Meet Passkey!.pptx (20)
Más de FIDO Alliance
Más de FIDO Alliance (20)
Último
Último (20)
IBM: Hey FIDO, Meet Passkey!.pptx
- 1. SESSION ID: #RSAC Shane Weeden Hey FIDO, Meet passkey! Senior Technical Staff Member IBM SEM-T02
- 2. #RSAC Disclaimer Presentations are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the presenters individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference LLC or any other co- sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented. Attendees should note that sessions may be audio- or video-recorded and may be published in various media, including print, audio and video formats without further notice. The presentation template and any media capture are subject to copyright protection. ©2022 RSA Conference LLC or its affiliates. The RSA Conference logo and other trademarks are proprietary. All rights reserved. 2
- 3. #RSAC Agenda What’s a “passkey”? Security spectrum User experience High-value consumer and enterprise
- 4. #RSAC What’s the hype? 4 https://fidoalliance.org/apple-google-and-microsoft-commit-to- expanded-support-for-fido-standard-to-accelerate-availability-of- passwordless-sign-ins/ https://youtu.be/6vnQDn3AUbo There is announced intention from the major FIDO platform vendors (Apple, Google, Microsoft) to offer cloud-fabric-synced FIDO credentials, accessible via WebAuthn.
- 5. #RSAC What is a “passkey”?
- 6. #RSAC A passkey is… 6 Multi-device FIDO credential An authentication credential that is: • Based on public key cryptography, like any other FIDO Credential. • Backed up, and able to be replicated across devices*. • Designed to help scale FIDO adoption, particularly in the consumer space.
- 8. #RSAC Security Spectrum 8 password password+ Conditional MFA multi-device “passkey” Device-bound FIDO credential
- 10. #RSAC Inspiration from Password Manager UX • Familiar experience for users • Phishing resistant • Privacy preserving • Simple instrumentation for website developers
- 11. #RSAC Cross-ecosystem Experience 11 cross-device, cross-ecosystem FIDO authentication CONCEPT RENDER ONLY | UI SUBJECT TO CHANGE mobile device can bootstrap another device and/or ecosystem
- 12. #RSAC Cross-device Experience - Demo 12 CONCEPT RENDER ONLY | UI SUBJECT TO CHANGE
- 13. #RSAC What about high-value consumer and “enterprise”?
- 14. #RSAC High-value Consumer & Enterprise 14 Regulated Industries (Financial, Government, Healthcare) Politicians, Journalists, Executives, Influencers Enterprise Privileged Access
- 15. #RSAC Device Public Key 15 per relying party, device bound key in addition to the “passkey” https://login.example.com eliza@example.com login.example.com
- 16. #RSAC Wrapping Up 16 familiar UX DPK provides context for higher security use cases drop in replacement for password, with enhanced security characteristics cross-platform, cross-ecosystem, addresses account recovery
Notas del editor
- All FIDO credentials have the property of being “human consumable PKI-based credentials”, meaning that only public keys are registered at servers. They also have other common characteristics associated with FIDO such as being non-trackable by registered sites, and phishing resistant when used for login. Able to be replicated across devices –* indicates that initially it looks like it will be eco-system based replication (Apple -> Apple, etc), but that need not always be the case in future. We are on a journey, and just like 3rd party password managers now have tight integration with browser instrumentation, so could “passkey managers” in the future. Passkeys, when combined with “hybrid” CTAP transport between browsers and phones, will address major adoption issues with consumer-scale FIDO: Not everyone has a traditional hardware security key– with passkeys will come “mobile phone as an authenticator”, allowing mass adoption. Account recovery is addressed via obtaining a new device and recovering your cloud fabric “passkey provider” account (i.e. think your Apple/Google/Microsoft account).
- All FIDO credentials have the property of being “human consumable PKI-based credentials”, meaning that only public keys are registered at servers. They also have other common characteristics associated with FIDO such as being non-trackable by registered sites, and phishing resistant when used for login. Able to be replicated across devices –* indicates that initially it looks like it will be eco-system based replication (Apple -> Apple, etc), but that need not always be the case in future. We are on a journey, and just like 3rd party password managers now have tight integration with browser instrumentation, so could “passkey managers” in the future. Passkeys, when combined with “hybrid” CTAP transport between browsers and phones, will address major adoption issues with consumer-scale FIDO: Not everyone has a traditional hardware security key– with passkeys will come “mobile phone as an authenticator”, allowing mass adoption. Account recovery is addressed via obtaining a new device and recovering your cloud fabric “passkey provider” account (i.e. think your Apple/Google/Microsoft account).
- Apple: https://developer.apple.com/videos/play/wwdc2022/102/ Timestamp: 44:03