27 Feb

4 Min read

Navigating Cybersecurity in Operational Technology: Insights from the Joint Cyber Defense Collaborative

February 27, 2025 Nok Nok News 0 comments

Navigating Cybersecurity in Operational Technology:
Insights from the Joint Cyber Defense Collaborative

The Joint Cyber Defense Collaborative (JCDC) released an important document titled “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.” This collaborative effort involves major players in cybersecurity, including the Cybersecurity and Infrastructure Security Agency (CISA), Germany’s Federal Office for Information Security (BSI), the UK National Cyber Security Centre, and the European Commission. The document is a significant step towards enhancing the cybersecurity posture for operational technology (OT) environments, which are increasingly vulnerable to cyber threats.

Some key takeaways from the document:
The JCDC’s recommendations provide a roadmap for OT owners and operators to make informed decisions when selecting digital products. Here are two critical points highlighted in the document:

1. Phishing-Resistant Multi-Factor Authentication (MFA)
One of the standout recommendations is the call for buyers to prioritize products that include phishing-resistant multi-factor authentication (MFA) in their baseline versions, underscoring the importance of robust authentication mechanisms in today’s threat landscape:

● Selection criteria: The baseline version of the product supports role-based access control (RBAC) and multifactor authentication (MFA), particularly for changes to safety-critical equipment.

● Questions to ask: Has the manufacturer eliminated or is working to eliminate the use of shared role-based passwords in their products? Is MFA included in the baseline version?

● Why this matters: Strong authentication allows for defense-in-depth and enables identity and access management best practices.

For organizations looking to comply with this guidance, solutions like the Nok Nok S3 Suite, the Authentication Cloud, and the IoT SDK are excellent options. These products offer advanced authentication capabilities that help mitigate the risk of phishing and man-in-the-middle attacks, ensuring that only authorized users can access critical systems and data. Implementing such solutions is a proactive step towards safeguarding operational technology environments.

2. Elimination of Default Passwords
Another critical focus of the document is the elimination of default passwords, which is listed as a key aim to achieve “Secure by Design” practices. Default passwords are often a weak link in cybersecurity, providing an easy entry point for malicious actors. The document stresses the need for organizations to move away from these vulnerabilities and adopt more secure password practices:

● Selection criteria: The product is delivered secure out of the box, resilient against the most prevalent threats and vulnerabilities, without requiring additional configuration from users or administrators.

● Questions to ask: Has the manufacturer eliminated or is working to eliminate default passwords?

● Why this matters: Insecure default settings expose asset owners to more risk and increase security costs.

Using the Nok Nok IoT SDK can significantly aid operational technology operators in this endeavor. The SDK facilitates the implementation of phishing-resistant authentication methods that do not rely on default passwords, thus enhancing the overall security of IoT devices and systems. By leveraging such technology, organizations can ensure that their OT environments are better protected against unauthorized access.

The Importance of Cybersecurity in Operational Technology
As operational technology systems become more interconnected and reliant on digital products, the need for robust cybersecurity measures has never been more critical. The recommendations put forth by the JCDC are not just best practices; they represent a foundational shift towards a security-first approach in the selection and implementation of digital products.
By prioritizing phishing-resistant MFA and eliminating default passwords, OT owners and operators can build a more resilient infrastructure capable of withstanding evolving cyber threats. The guidance provided in the JCDC’s document serves as a valuable resource for organizations looking to enhance their cybersecurity strategies and protect their critical assets.

Conclusion
The publication of “Secure by Demand” marks a pivotal moment for organizations involved in operational technology. As cyber threats continue to evolve, the emphasis on secure design principles and robust authentication mechanisms cannot be overstated. By following the recommendations of the JCDC and integrating solutions like the Nok Nok S3 Suite and IoT SDK, organizations can take substantial steps towards fortifying their defenses and ensuring the integrity of their operational technology environments. In a digital landscape fraught with risks, being proactive about cybersecurity is not just an option; it’s a necessity.

09 Oct

5 Min read

Nok Nok Announces Innovative Solutions that Simplify Deploying and Managing Passkeys

October 9, 2024 Nok Nok News 0 comments

New AI-powered functionality will enhance security, user experience, and operational efficiency

Nok Nok Authentication Cloud available through AWS Marketplace

SAN JOSE, Calif., October 9, 2024 — Nok Nok, a leader in passwordless authentication for the world’s largest organizations, today announced new product offerings that can be leveraged with its Nok Nok^™ S3 Authentication Suite. With these product releases, Nok Nok introduces significant innovations: Nok Nok Intelligent Credential Detection, Nok Nok Smart Analytics, and Nok Nok Smart Sense. With Nok Nok’s S3 Authentication Suite and Authentication Cloud, organizations can now manage their authentication strategies more efficiently, addressing key challenges deploying passkeys.

In response to the accelerated cyber threat landscape, and the need for optimizing the user experience and improving authentication KPIs, Nok Nok implemented AI to improve efficiency and user experience. These AI-driven features not only detect anomalies indicating elevated fraud risks but also identify deviations in critical authentication KPIs that provide actionable insights. By leveraging AI, Nok Nok significantly reduces the operational effort required to implement modern authentication that delights users while providing robust enterprise protection against current threats including AI generated phishing attacks and deep fakes.

“As enterprises transition from multi-factor authentication to more advanced passkey solutions, they need to provide heightened security and streamlined user experiences,” said Todd Thiemann, Senior Analyst, Enterprise Security Group. “Nok Nok’s AI-driven features are important in addressing the evolving cybersecurity threats while reducing operational complexity for organizations seeking robust, passwordless authentication.” These new innovations include:

Revolutionizing User Experience with Intelligent Credential Detection
Nok Nok’s new Intelligent Credential Detection method marks a substantial improvement in user experience. This feature automatically prompts the use of credentials available on the specific user device. By enhancing the ability to “prime” or prepare users for the next steps when authenticating, this functionality significantly improves success rates and reduces the time it takes to authenticate.
Empowering Decision-Making with Smart Analytics
Smart Analytics introduces unprecedented insights into authentication performance. This cloud-based service integrates seamlessly with the S3 Authentication Suite and Nok Nok Authentication Cloud, providing detailed reporting on key performance indicators (KPIs) related to authentication. What sets Smart Analytics apart is its ability to benchmark these KPIs against industry averages and offer actionable suggestions for improvements.

Enhancing Security with AI-Powered Smart Sense
The introduction of Smart Sense represents Nok Nok’s innovative approach to risk assessment in a passwordless world. Utilizing advanced AI and machine learning algorithms, Smart Sense learns user behavior to provide anomaly scores that can seamlessly be used through the Nok Nok authentication rules engine. This feature is specifically optimized for the passkey ecosystem, helping organizations fine-tune user experiences while enhancing fraud prevention.

These advancements come at a crucial time as organizations worldwide grapple with the challenges of securing and authenticating identities in an increasingly complex threat landscape. Nok Nok’s latest offerings provide a comprehensive solution that addresses the key pain points of implementing and maintaining strong, passwordless authentication.

“For years, Nok Nok has been at the forefront of helping enterprises transition to passkeys, and now with AI-driven innovations, we’re giving our customers powerful tools to make the use of passwordless authentication more intuitive and efficient than ever before,” said Rolf Lindemann, Vice President of Products, Nok Nok. “Our Intelligent Credential Detection streamlines the authentication process by tailoring it to each user’s available credentials, while the new Nok Nok Smart Analytics and benchmarking capabilities provide actionable insights to optimize and enhance user experience. With Nok Nok Smart Sense, we’re also addressing the evolving threat landscape by offering AI-powered, context-aware risk assessments, giving organizations the ability to fine-tune user experiences while bolstering security.”

Streamlined Procurement through AWS Marketplace
To further simplify adoption, Nok Nok also announced that its Authentication Cloud offering is now available through AWS Marketplace. This integration allows organizations to consolidate their ordering and billing processes, making it easier than ever to deploy phishing-resistant authentication using existing AWS budgets.

For more information about Nok Nok’s S3 Authentication Suite and these latest product offerings, visit Nok Nok.

About Nok Nok
Nok Nok is a leader in passwordless customer authentication and delivers the most innovative FIDO (Fast IDentity Online) solutions for the authentication market today. Nok Nok empowers organizations to dramatically improve their user experience and security, and reduce operating expenses, while enabling compliance with the most rigorous privacy and regulatory requirements. The Nok Nok™ S3 Authentication Suite integrates into existing security environments to deliver proven, FIDO-enabled passwordless customer authentication. As a founder of the FIDO Alliance and an innovator of FIDO standards, Nok Nok is an expert in next-level, multi-factor authentication. Nok Nok’s global customers and partners include AFLAC Japan, BBVA, Carahsoft, Fujitsu Limited, Hitachi, Intuit, Mastercard, MUFG Bank, NTT DATA, NTT DOCOMO, Standard Bank, T-Mobile, and Verizon. For more information, https://noknok.com/.

Read the official press release.

31 Jul

3 Min read

Navigating the Path to Passkeys: One Approach Does Not Fit All

July 31, 2024 Nok Nok News 0 comments

As businesses and government organizations embark on their journey towards implementing passkeys, careful planning and consideration of various factors are crucial to ensure a smooth transition. We think one of the most critical and valuable to the organization is “the path” – where to start, and how to stage the phases. Passkeys offer numerous benefits, including enhanced security, improved user experience, and reduced operational costs. But careful consideration of the steps that surround the actual passwordless path is critical, especially for organizations in high security and regulated markets.

What are all these steps and why are they important in migrating to Passkeys?

Defining Goals and Priorities

Before diving into implementation, organizations must first define their specific goals and priorities for adopting passwordless technologies. Whether the aim is to bolster security measures, streamline user access, or cut down on operational expenses, clarity on objectives is essential from the outset.

Assessing Current Security Infrastructure

With goals and priorities aligned, next up is understanding the current state of the organization’s security infrastructure. Too often organizations will miss a step as they haven’t identified potential gaps in existing solutions and assessing security posture are vital steps in preparing for the transition to passwordless authentication. This is particularly critical in industries with stringent regulatory requirements, such as finance and healthcare, where compliance and data integrity are paramount.

Prioritizing Use Cases

Once goals are established and the security landscape is assessed, prioritizing use cases becomes the next step. Different applications and user interactions may require varying levels of security and access control. Thus, businesses must identify which use cases are most critical and prioritize them accordingly. This involves determining which use cases necessitate the highest level of security and which could benefit from a simplified user experience.

Paths to Implementing Passwordless Solutions

With these considerations in mind, we have learned that organizations can explore various paths towards implementing passwordless solutions, each tailored to specific needs and use cases with related benefits. Where an organization starts depends on their goals and priority use cases. For example, for organizations with a mobile first strategy and high security needs, they may consider “hardening” their mobile application with a device-bound passkey first as most companies are enabling biometrics in a less secure way. This provides a “trust anchor” through the mobile app. Alternatively, businesses can opt to start by replacing passwords in applications with synced passkeys, either for web-only usage or across both web and native applications. There are pros and cons to consider and it’s important to understand the security and user experience ramifications. For high security markets, combining device bound and synced passkeys can enable organizations to address various use cases in the most convenient and secure manner.

Planning and Rollout

While these paths may seem straightforward, transitioning to passwordless requires meticulous planning and phased rollout. Testing and refining your approach in controlled environments allows organizations to mitigate risks and make necessary adjustments based on initial feedback and performance. This approach ensures a smoother transition and enhances both security measures and user satisfaction.

For businesses seeking guidance on navigating the complexities of implementing passwordless authentication, partnering with experienced providers like Nok Nok can offer invaluable support and expertise. With over a decade of experience in deploying FIDO-based solutions for trusted brands across various industries, Nok Nok is well-equipped to assist organizations in transitioning to a passwordless future.

To learn more about accelerating your journey towards passwordless authentication, reach out to Nok Nok today.

25 Jun

4 Min read

Moving to Zero Trust – Implementing M-22-09 – Time is Running Out

June 25, 2024 Nok Nok News 0 comments

Just over three years ago, the Biden Administration released Executive Order (EO) 14028 - Improving the Nation’s Cybersecurity. The EO marked a significant milestone in the ongoing battle against cyber threats, acknowledging the critical need to fortify the nation's digital defenses in an increasingly interconnected and vulnerable landscape.

02 May

4 Min read

Friction and Fatigue = Fraud: not with Passkeys!

May 2, 2024 Nok Nok News 0 comments

Friction and Fatigue = Fraud: not with Passkeys!
Enhancing Banking Security Through Advanced Authentication: Embracing Passkeys

In today’s digital landscape, where online transactions have become ubiquitous, ensuring robust security measures within the banking sector is paramount. But users too often encounter friction in their onboarding process or just give up due to the multiple times they are asked to prove their identity.

With the proliferation of cyber threats and the increasing sophistication of malicious actors, traditional authentication methods have proven to be inadequate in safeguarding sensitive financial data. However, a transformative shift is underway, powered by advanced authentication technologies such as FIDO (Fast Identity Online), revolutionizing the way banks protect their customers’ accounts and transactions. Here, we delve into four key considerations and an outlook on how banking security is being fortified with advanced authentication, particularly through the adoption of FIDO technology:

Seamless Authentication Across Platforms
Banks have made significant strides in leveraging biometrics for native banking app sign-ins, offering users a convenient and secure authentication experience. However, this convenience is often absent when accessing banking services via web browsers, where users are still required to rely on traditional usernames and passwords. By adopting FIDO-based passkey authentication for web applications, banks can provide a consistent and frictionless user experience across all platforms, enhancing security while reducing login time and fatigue.
Streamlining Payment Approvals
The current process of approving payments during e-commerce transactions often involves app-switching or device-switching, introducing unnecessary friction and potentially impacting conversion rates. With the integration of Secure Payment Confirmation (SPC) technology, powered by FIDO authentication, users can seamlessly approve payments without the need to switch apps or devices. Initial pilots have demonstrated a significant uplift in conversion rates, underscoring the efficacy of this approach in enhancing user experience and security.
Expanding the Role of Banking Cards
Traditional banking cards are primarily designed for offline use, limiting their utility in online transactions and contributing to the prevalence of card-not-present (CNP) fraud. By incorporating FIDO security key technology into banking cards, financial institutions can extend the functionality of these cards to online transactions, providing users with a secure and convenient authentication method. This not only simplifies device migration for banking app access but also reduces reliance on vulnerable authentication methods such as SMS-based OTPs.
Optimizing User Onboarding Processes
The conventional approach to user onboarding in banking often involves ID proofing before credentialing the user, resulting in potential disruptions and drop-offs during the signup process. By reversing this order and leveraging FIDO passkeys, banks can enhance the onboarding success rate while providing a seamless user experience. Passkeys eliminate the need for passwords altogether, further streamlining the authentication process and ensuring a smoother transition for new users.

Outlook: Shifting Towards FIDO-Based Authentication

The authentication landscape is undergoing a paradigm shift, transitioning from traditional methods like passwords and OTPs to FIDO passkeys. This evolution is driven by the need for stronger security measures, improved user experience, and compliance with regulatory requirements such as PSD2 and SCA. As banks embrace FIDO technology, they stand to benefit from enhanced security, reduced friction, and greater flexibility in authentication methods.

Where can you find the cross platform, streamlined but secure onboarding for your banking applications – Nok Nok. As one of the creators of FIDO-based authentication credentials, Nok Nok offers passwordless sign-up and sign-in to online services. Nok Nok™ solutions are built from the ground-up leveraging FIDO standards and offer the most comprehensive passkey support to meet the widest range of use cases.

In conclusion, FIDO-based authentication holds the key to fortifying banking security in an increasingly digital world. By embracing advanced authentication technologies and prioritizing user experience, banks can stay ahead of evolving threats and provide their customers with the peace of mind they deserve in their financial transactions.

15 Mar

4 Min read

When Securing Transactions, Global Experience Gets it Done

March 15, 2024 Nok Nok News 0 comments

In today’s digital age, banking apps on mobile devices have become ubiquitous, offering convenience and ease of access to financial services. With more than half of Generation Z, Millennials, and Generation X favoring mobile banking apps, it’s evident that traditional brick-and-mortar banking is rapidly being replaced by digital solutions. However, as the adoption of mobile banking apps continues to soar, ensuring robust security while maintaining a seamless user experience has become of paramount concern for banks worldwide.

To address these challenges, banks are turning to advanced technologies such as FIDO (Fast Identity Online) and WebAuthn (Web Authentication) to revolutionize payment authorization processes. It’s crucial to understand how these technologies are implemented, especially considering the differing approaches between the United States and the European Union.

In the United States, the emphasis is on leveraging biometrics within banking apps to streamline payment authorization. Users can authenticate using biometric features such as fingerprint or facial recognition, eliminating the need for cumbersome password entry. However, for online payments, the reliance on risk analytics and SMS one-time passwords (OTPs) has resulted in high rates of card-not-present fraud and false declines. The use of SMS OTPs often leads to user friction and increased abandonment rates, as customers are required to switch contexts or even use a second device. To combat these challenges, Secure Payment Confirmation (SPC) has been introduced, built on top of FIDO/WebAuthn to provide a phishing-resistant credential for authorizing online transactions with a single gesture, be it biometric or PIN. This approach significantly improves conversion rates, reduces fraud, and minimizes false declines, ultimately enhancing both security and user experience.

On the other hand, in the European Union, banking apps also utilize biometrics for authentication, mitigating the need for password entry and enhancing security. However, the approach to online payment authorization differs, with push-to-app being the preferred method. Users are required to switch to their banking app to approve payment transactions, introducing friction and potentially increasing abandonment rates. Despite the use of biometrics within the banking app context, the past impracticality of biometrics in the context of merchant apps – especially web apps – has limited its widespread adoption. Additionally significant is that there is a lack of integrity protection for web apps – with this, implementing “what-you-see-is-what-you-sign” directly in web apps is not possible today. To address these challenges, Secure Payment Confirmation (SPC) is employed on top of and leveraging FIDO/WebAuthn to provide a phishing-resistant credential that is triggered by the merchant’s app or by the issuer’s access control server (ACS). This approach improves conversion rates by simplifying the payment authorization process while maintaining robust security measures.

In both regions, the adoption of FIDO/WebAuthn-based solutions marks a significant step forward in enhancing the security and usability of payment authorization triggered by web apps or by an ACS. By providing users with seamless and secure authentication methods, banks can instill trust and confidence while fostering greater adoption of digital banking services.

As the banking industry continues to evolve in the digital era, it’s clear that innovative technologies will play a crucial role in shaping the future of financial services. By prioritizing security and user experience, banks can position themselves as leaders in the digital transformation of banking, driving greater customer satisfaction and loyalty in an increasingly competitive landscape.

When banks need to implement Secure Payment Confirmation (SPC) requirements, partnering with trusted FIDO vendors like Nok Nok who have experience in both US and EU payment security can ensure the successful implementation of this technology. Nok Nok’s ability to demonstrate a large user base employing various authentication protocols to produce cryptographic evidence further solidifies its position as a reliable partner in enhancing the usability for secure online payments.

10 Nov

3 Min read

Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity

November 10, 2023 Nok Nok News 0 comments

In the world of cybersecurity, the federal government sets some of the most stringent requirements for its suppliers. It’s a landscape where only the best can thrive, and Nok Nok, a pioneer in Fast IDentity Online (FIDO) authentication solutions, has emerged as an important supplier. The company recently achieved the coveted Federal Risk and Authorization Management Program (FedRAMP) High authorization through its partnership with UberEther’s IAM Advantage. This achievement follows its DoD Impact Level 5 (IL5) achieved in 2022 and marks a significant milestone in delivering top-notch cybersecurity to federal agencies, partners, and citizens.

Here are the key takeaways from this latest achievement:

1. Federal Government’s Uncompromising Cybersecurity Standards

The federal government has long been known for its uncompromising cybersecurity standards. In response to the 2021 White House Cybersecurity Executive Order and the subsequent call from US Government CISO Jen Easterly for advanced Multi-Factor Authentication (MFA) based on FIDO standards, the demand for cutting-edge cybersecurity capabilities has never been higher. The government is leading the way in adopting the best of breed cybersecurity measures, making it crucial for suppliers to meet these advanced cybersecurity requirements.

2. Nok Nok’s Unique Position: FIDO and More

Nok Nok’s unique position as one of the original creators of FIDO standards sets it apart. The partnership with UberEther has enabled Nok Nok to provide federal agencies with phishing-resistant MFA that not only meets DoD Impact Level 5 (IL5) and FedRAMP High certifications but also complies with the Federal Information Processing Standards (FIPS) and National Institute of Standards and Technology (NIST) standards. This combination of expertise and collaboration empowers federal agencies to meet the highest levels of security and regulatory requirements seamlessly.

3. Streamlining Phishing-Resistant Authentication

Nok Nok’s MFA solution offers an effortless and convenient alternative to traditional Personal Identity Verification (PIV) and Common Access Card (CAC) methods. Leveraging the public key cryptography capabilities of modern endpoint devices such as smartphones and PCs as well as security keys, the solution eliminates the need for additional drivers, middleware, or browser plugins. This approach provides a secure and user-friendly way for employees, contractors, and citizens to access information, all while reducing the vulnerabilities and costs associated with password management.

In Conclusion:

Nok Nok and its partnership with UberEther are at the forefront of delivering advanced cybersecurity solutions to the federal government, setting the gold standard for phishing-resistant MFA. With FedRAMP High authorization, FIPS and NIST compliance, and adherence to FIDO standards, Nok Nok and UberEther are ensuring the highest level of security for federal agency employees, contractors, and citizens. As the digital era continues to evolve, Nok Nok is committed to transcending traditional boundaries and meeting the dynamic cybersecurity needs of our modern society.

31 Oct

4 Min read

Top 6 Considerations to Build vs. Buy FIDO-based Passkeys

October 31, 2023 Nok Nok News 0 comments

Here we are at the end of Cybersecurity Awareness Month, and you’ve heard vendors declare how their solutions can help make you and your enterprise safe. There is a lot to consider and maybe you are thinking you can solve the problem on your own – and go the “build vs. buy” route. Let’s look at the considerations when it comes to adopting the cutting-edge FIDO-based passkeys as the decision carries considerable weight and potential consequences.

When organizations contemplate the implementation of passkeys as an alternative to traditional passwords, they often start by focusing on the Minimum Viable Product (MVP). However, the real challenge lies beyond the MVP—the unknowns that come with version 1.1 and beyond. The technology landscape is constantly evolving, demanding adaptability and scalability. This is when the decision between starting from scratch and leveraging experienced vendors becomes critical.

Here are 6 considerations for your decision-making process:

1. Completeness: Beyond the Minimum Viable Product

Building a passkey solution from scratch may seem like an attractive proposition, especially for the sake of cost-effectiveness and fitting into existing infrastructure. However, it’s crucial to consider the road beyond the Minimum Viable Product (MVP). Rapid technological advancements necessitate staying up-to-date and future-ready. Vendors with experience in passwordless authentication solutions not only offer much more than a MVP but also pave the way for future expansions and improvements, helping organizations avoid technological dead-ends.

2. Support for Diverse Environments: Native Apps, Web Apps, Devices, and Regulatory Requirements

The ability of passkeys to seamlessly integrate across diverse environments is a fundamental requirement. Most established vendors excel in providing such integration, saving organizations time and resources. In contrast, building this integration in-house can be time-consuming and expensive, especially when compliance requirements need to be addressed. Dedicated passwordless authentication vendors bring years of experience, ensuring compatibility across a wide range of devices and regulatory environments.

3. Seamless Integration and Backend Infrastructure Support

The tech landscape is no longer homogeneous. Maintaining compatibility across various hardware and software versions can be a significant challenge when building in-house. Dedicated vendors can simplify this process by integrating seamlessly with an organization’s existing backend infrastructure, including cloud Hardware Security Modules (HSMs) and Secret Stores. This integration capability minimizes extensive code changes.

4. Maintenance Challenges: Keeping Pace with Specifications

Staying abreast of evolving FIDO and WebAuthn specifications is crucial for passkey solutions. Organizations often underestimate the effort and resources required for ongoing maintenance when building in-house. Partnering with experienced authentication vendors ensures that passkey features remain up-to-date, reducing maintenance burdens and allowing organizations to stay focused on their core objectives.

5. Reducing Development Risks and Project Failures

Homegrown development carries inherent unknown unknowns, particularly when implementing a paradigm like passkeys for the first time. Organizations may overlook critical factors or encounter unexpected challenges, resulting in higher costs, delays, or compromises on user experience. Partnering with an established passwordless authentication provider mitigates these risks by leveraging their extensive experience and lessons learned from successful passkey deployments.

6. Capitalizing on Investment and Experience

While building a passkey solution independently may seem appealing from a cost perspective, it often fails to account for hidden expenses and missed opportunities. Unknown unknowns can be costly both in terms of time and money. Leveraging a vendor like Nok Nok, with expertise and a wealth of investment in FIDO-based implementations, ensures a smoother fit into existing infrastructure and access to valuable intellectual property.

Conclusion

While building a solution from scratch may appear cost-effective or a better fit for existing infrastructure, it often underestimates the maintenance challenges, development risks, and missed opportunities. By leveraging a traditional passwordless vendor’s comprehensive passkey features, organizations can ensure a complete, scalable, secure, and future-proof implementation, benefiting from the expertise and investment of a trusted industry leader.

11 Oct

3 Min read

Ditch the Passwords and Embrace Passwordless Solutions for Effortless E-Commerce

October 11, 2023 Nok Nok News 0 comments

In our hyper-connected digital era, where online shopping is an integral part of our lives, the cumbersome process of creating and managing passwords has become a significant roadblock for e-commerce platforms. A study by NordPass reveals that a typical internet user juggles between 70 to 80 different passwords, highlighting the complexity users face in managing their online identities. It’s high time we explore more convenient and secure alternatives to passwords to enhance the online shopping experience.

Imagine signing up for e-commerce websites with the same ease and simplicity you experience when unlocking your mobile device using facial recognition or a finger swipe. The prospect is intriguing, practical and when done correctly, more secure. Biometric authentication could potentially revolutionize the way we interact with online platforms, particularly in the realm of e-commerce.

One of the costly issues faced by e-commerce sites is shopping cart abandonment, which accounts for a staggering $18 billion in lost revenue annually. A significant portion of this abandonment stems from the cumbersome process of creating a password during the checkout process. When users are prompted to create an account with a password, especially when they are trying to complete their transaction, friction is introduced. This friction can discourage potential customers, leading them to opt for a guest checkout and even abandon their carts.

The consequences of this friction extend beyond lost sales. E-commerce platforms miss out on the opportunity to build customer loyalty and gather valuable customer data for tailored marketing strategies. When users opt for guest checkouts, companies lose the chance to personalize their outreach and marketing efforts. Marketing is all about understanding your audience, and the more information a company has about its users, the better they can target and engage prospective customers effectively. Studies show that users who create accounts have a 10% higher average order value.

What if e-commerce websites offered an alternative solution to the traditional password setup, allowing users to employ biometrics for authentication in the form of “one-step checkout” so that customers don’t have to enter their information repeatedly? Passwordless authentication that utilizes biometrics, such as touch ID and Face ID can provide a seamless and secure user experience. No need for complex passwords! Additionally, implementing FIDO-based Passkey authentication solutions, like those offered by Nok Nok, can protect users from the most common type of attack – phishing – making it extremely difficult for malicious actors to gain unauthorized access to accounts. This proactive approach to security not only benefits customers but also strengthens the credibility and trustworthiness of e-commerce platforms.

By embracing passwordless authentication solutions, e-commerce platforms can simplify the onboarding process leading to increased account creation and reduced cart abandonment rates. The seamless experience would encourage users to complete their purchases, engage more often and potentially foster long-term relationships, leading to increased revenue and enhanced customer loyalty.

It’s evident that the traditional method of creating and managing passwords is outdated and cumbersome, particularly in the fast-paced world of e-commerce. Implementing FIDO-based passkey authentication can be a game-changer, providing users with a more convenient and secure means of accessing e-commerce sites. It’s time for the industry to embrace these innovative authentication methods and elevate the online shopping experience for everyone.

05 Oct

4 Min read

Fun and Not so Fun Evolution of Authentication: Nok Nok’s Cybersecurity Month Special Series

October 5, 2023 Nok Nok News 0 comments

In the vast landscape that is the digital world, security is paramount. As technology advances, so does the sophistication of cyber threats. Recognizing this critical need for cybersecurity, the month of October has been designated as Cybersecurity Awareness Month. This observance, which began in the early 2000s, aims to raise awareness about cybersecurity and educate individuals and organizations about the importance of protecting their digital assets.

Throughout this Cybersecurity Awareness Month, we will embark on a fascinating journey through the evolutionary phases/lens of authentication. Authentication, the process of verifying the identity of users and systems, has come a long way from its humble beginnings. From passwords to biometrics, multi-factor authentication (MFA), one-time passwords (OTP), and ultimately passwordless and passkeys, we explore the transitions that have revolutionized the way we secure our digital lives.

Fun-Facts and Not-So-Fun-Facts

The Era of Passwords
Passwords were the pioneers of authentication in the digital realm. Their roots can be traced back to ancient times when watchwords and secret codes were used to gain access to restricted areas. Fast forward to the computer age, passwords became a ubiquitous form of authentication. The word “password” itself can be dated back to the 1960s, gaining prominence with the advent of computing.
Fun Fact: The world’s first password, reportedly used at the Massachusetts Institute of Technology (MIT) in the early 1960s, was “password.”
Not-So-Fun Fact: Weak passwords are still a major vulnerability. “123456” and “password” have consistently topped the list of most commonly used passwords, highlighting the need for stronger authentication methods.

Rise of Biometrics
The 21st century brought forth a paradigm shift in authentication with the integration of biometrics. Biometric authentication uses unique physical or behavioral traits, such as fingerprints, facial recognition, and voice patterns, to verify an individual’s identity.
Fun Fact: The idea of using fingerprints as a means of identification dates back to ancient Babylon, where fingerprints were used on clay tablets for business transactions.
Not-So-Fun Fact: Modern AI makes it easy to create deep-fakes, making spoofing practical, emphasizing the need for a possession factor as well.

Multi-Factor Authentication (MFA)
To enhance security, the concept of MFA (or two-factor) emerged, combining two or more authentication methods. MFA typically involves a combination of something you know (e.g., password), something you have (e.g., smartphone), and something you are (e.g., fingerprint).
Fun Fact: MFA can be traced back to the use of bank ATM cards, which require the card (something you have) and a PIN (something you know).
Not-So-Fun Fact: Phishing attacks can bypass legacy MFA, emphasizing the need for phishing-resistant MFA.

One-Time Passwords (OTP)
OTP is a dynamic authentication method that provides a single-use code, usually valid for a short period. It’s widely used for secure logins and transactions.
Fun Fact: OTPs gained popularity in the mid-2000s and have since become a standard for secure online interactions.
Not-So-Fun Fact: OTPs are easily phishable and users have no easy way of knowing whether they are entering them into a legitimate application.

The Emergence of Passwordless Authentication and Passkeys
In a bid to eliminate the weaknesses associated with traditional passwords, passwordless authentication and passkeys have gained traction. Passwordless authentication often leverages biometrics, device fingerprinting, or cryptographic keys to verify users, while passkeys involve securely stored credentials on devices.
Fun Fact: FIDO (Fast Identity Online) Alliance has played a significant role in the development and adoption of passwordless authentication standards.
Not-So-Fun Fact: The adoption of new authentication methods can be slow due to organizational readiness and resistance to change.

Conclusion

Cybersecurity Awareness Month serves as a timely reminder of the ever-evolving landscape of cybersecurity and the imperative to stay informed and updated. The journey from passwords to passkeys showcases the constant efforts and innovations in the realm of authentication to enhance security and protect our digital footprints. As we celebrate Cybersecurity Awareness Month, let us embrace these advancements and continually strive to bolster our digital defenses for a safer online world.

Nok Nok News

Contact Us

Latest Posts

Navigation

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Nok Nok News

New AI-powered functionality will enhance security, user experience, and operational efficiency

Nok Nok Authentication Cloud available through AWS Marketplace

1. Completeness: Beyond the Minimum Viable Product

2. Support for Diverse Environments: Native Apps, Web Apps, Devices, and Regulatory Requirements

3. Seamless Integration and Backend Infrastructure Support

4. Maintenance Challenges: Keeping Pace with Specifications

5. Reducing Development Risks and Project Failures

6. Capitalizing on Investment and Experience

Fun-Facts and Not-So-Fun-Facts

Conclusion

Contact Us

Contact and Subscribe

Latest Posts

Navigation

Please complete this form to view and download this resource.

Submit to Download Forms

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.