FIDO Promotes Passwordless Authentication with User Experience Guidelines
The FIDO Alliance has released a new set of user experience (UX) guidelines for organizations that want to enable FIDO authentication for their customers. The guidelines were developed to encourage more people to switch to password-less methodologies, serving as an implementation roadmap that organizations can follow to increase adoption rates and maximize the number of people who connect with it. FIDO technologies.
The first set of guidelines relate specifically to FIDO authentication on desktop devices, although the Alliance is considering rolling out additional guidelines that will affect other environments. In this regard, the Alliance noted that many devices and web browsers now offer built-in support for FIDO protocols, and the guidelines will seek to take advantage of this to make it easier for organizations to configure with a FIDO system.
Blink UX led the consumer research sessions that led to the creation of the guidelines. The company acted as a third-party partner, although the research was carried out with input from UX experts working for member organizations of the FIDO Alliance.
In other news, the Alliance has also released updated versions of its FIDO2 specifications. WebAuthn Level 2 (as approved by the World Wide Web Consortium) and CTAP 2.1 (as approved by FIDO) will introduce corporate attestation, which will help IT departments track FIDO authenticators issued to employees. The attestation feature will help administrators link an authenticator to an account with streamlined biometric enrollment and simplify credential management with enhanced tracking features.
FIDO2 updates are being deployed to help combat the growing volume of phishing attacks, which matches the recent increase in remote traffic. The UX guidelines are expected to be of particular benefit to organizations in the financial industry, while the FIDO2 specifications will promote strong authentication principles and business security more generally. The specifications will also support resident credentials, cross-origin iFrames, and Apple attestation.