08 Jul

5 Min read

Passkeys for E-commerce: A Game Changer Part 2

July 8, 2025 Nok Nok News 0 comments

Passkeys for E-commerce: A Game Changer Part 2

In the last blog post, we covered the frustration of password management for users and how it has become a universal experience. Specifically, we covered why passwords are a problem, passkeys and their passwordless experience, and finally recommendations on the strategies required to make the move from passwords to passkeys.

In this blog, we will continue the conversation to provide a better view of what delivering a passkey-based passwordless experience requires and the benefits it will ultimately provide.

Implementation Considerations for Passkeys in E-Commerce

When rolling out passkeys for authentication in e-commerce, organizations must take a holistic approach that addresses technical, user experience, and platform-specific factors to ensure both security and adoption.

Use Cases

Passkeys should be strategically integrated into key user journeys where security and convenience are paramount. This includes not only sign-in and onboarding experiences but also high-security activities such as changing delivery addresses or redeeming loyalty points, and especially payment authentication. By targeting these critical touchpoints, e-commerce platforms can maximize the impact of passkeys, streamlining processes while significantly reducing the risk of account takeover and fraud. Leading retailers like Amazon and eBay have already demonstrated the value of passkeys in these scenarios, setting new standards for secure and seamless customer interactions.

User Experience

A successful passkey implementation hinges on user education and thoughtful UX design. Users should be primed about what to expect when encountering passkeys, with clear, reassuring messaging that explains the benefits, such as faster logins, enhanced security, and protection from phishing. Testing different messaging approaches is essential to identify what resonates and reduces confusion, especially since passkeys represent a shift from familiar password-based flows. Educational prompts, visual cues, and step-by-step guidance can help users understand and trust the new system, minimizing abandonment during onboarding or authentication. Ultimately, a seamless and intuitive experience will drive adoption and satisfaction.

Platform Support

E-commerce organizations must ensure robust support across all major platforms: iOS, Android, and web applications, while accounting for the diverse device combinations their customers use (e.g., iPhone with Windows PC). This includes providing a consistent experience for both new and existing users, regardless of their device ecosystem. Technical challenges such as cross-device authentication, account recovery, and syncing passkeys across platforms must be addressed to avoid friction and ensure reliability. Leveraging established passkey providers or APIs can simplify these complexities, enabling faster deployment and higher adoption rates while maintaining security and compliance.

Best Practices

Based on experiences with numerous global deployments, here are the key lessons we have learned:

Delight Your Users
- Only offer passkeys when practical on specific devices
- Actively suggest passkey creation rather than waiting for users to discover the option
- Be mindful of users accustomed to seamless experiences in mobile apps
Simplify Implementation
- Use SDKs with consistent APIs across platforms
- Employ headless widgets to reduce code complexity
- Design authentication rules that can be changed without app updates
Enhance Security
- Verify user identity before allowing passkey creation
- Consider risk scenarios (particularly for high-value features)
- Protect against denial-of-service attacks

Getting Started

Passkeys are already being used by many companies globally, including large retailers. Users have experienced their benefits through accounts with Apple, Google, Microsoft, and Amazon.

As part of OneSpan, Nok Nok stands out in the authentication market by delivering a secure, scalable, and customizable passwordless authentication platform that addresses the challenges of modern digital security. As a founding member of the FIDO Alliance and a key contributor to passkey standards, our technology enables organizations to eliminate passwords, reducing the risk of phishing, account takeovers, and other cyberattacks. The platform supports seamless integration with existing systems, offers flexible deployment options (on-premise or cloud), and provides adaptive authentication that adjusts security measures based on real-time risk signals like device health and location. This approach not only strengthens security but also streamlines user experiences, leading to faster sign-ups, higher authentication success rates, and significant reductions in account recovery requests and operational costs.

Together, OneSpan and Nok Nok, we are proud that our advanced authentication technology is trusted by some of the world’s largest brands, including leading banks and mobile network operators. Our platform is purpose-built to handle internet-scale deployments with zero downtime, supporting all major devices and operating systems. With developer-friendly SDKs and prebuilt authenticator apps, we make it easy for organizations to modernize authentication across a wide range of use cases and user populations, all while reducing development and maintenance costs.

The right technology partner can make implementation easier. Look for solutions that offer:

Intelligent credential detection
Quick authentication with minimal latency
Flexible support for multiple authentication methods
Transparent migration from legacy biometrics
Industry benchmarks for comparison
Granular adaptive policies
Detailed analytics and audit trails

Conclusion

Passkeys represent a genuine game-changer for e-commerce authentication. By offering a more convenient, secure, and consistent user experience across all digital channels, they address the fundamental problems of password-based systems while providing measurable business benefits.

The technology is mature, widely supported, and ready for adoption. For e-commerce businesses looking to improve conversion rates, enhance security, and reduce operational costs, the time to implement passkeys is now.

01 Jul

4 Min read

Passkeys for E-commerce: A Game Changer Part 1

July 1, 2025 Nok Nok News 0 comments

Passkeys for E-commerce: A Game Changer Part 1

In today’s digital landscape, the frustration of password management for users has become a universal experience. Whether you’re trying to read an online magazine or make a purchase, being prompted for a password you can’t remember is a common pain point that affects both users and businesses.

The Problem with Passwords

Password technology is 50+ years-old, and we still rely on it today, creating real business challenges:

Revenue Impact: Users avoid creating new accounts when prompted for passwords, with 25% abandoning account creation entirely. On mobile devices, the problem is even worse, with 20% more guest checkouts compared to desktop.
Security Vulnerabilities: Passwords remain the number one source of breaches due to phishing, man-in-the-middle attacks, and server-side credential stealing, all of which damage brand reputation.
Operational Costs: Up to 80% of users recover their accounts annually, creating unnecessary support costs and user frustration.

The experience passwords deliver is frustrating for end users and provides little security when protecting data, applications, and services. Layering on two-factor authentication or multi-factor authentication has only complicated the experience, and hackers are finding ways around them. But what is the alternative?

Enter Passkeys: The Passwordless Solution

Passkeys represent a revolutionary approach to authentication that solves these problems by leveraging cryptography, biometrics, and native device support. As a FIDO-based standard endorsed by major tech companies and regulatory bodies, passkeys are becoming mainstream, with 75% of consumers already aware of them (a 75% increase since 2022).

Key Benefits for E-commerce

Improved User Experience

10-20% increase in account creation success
2-17x faster sign-in times
6x better sign-in success rates
65-99% reduction in account recovery needs

Enhanced Security

Phishing-resistant authentication
Protection against server-side credential theft
No shared biometric data (GDPR-friendly)

Cross-Platform Consistency

Create one passkey and use it across web and mobile apps
Works seamlessly across multiple devices (smartphones, tablets, laptops)
Syncs through platform providers like Apple, Google, and Microsoft

Implementation Strategy

Phase 1: Planning and Early Adoption

The journey to passkey authentication in e-commerce begins with thoughtful planning and an early adoption phase. Here, organizations must clearly define the use cases where passkeys will deliver the most value, such as streamlining checkout or securing account management, and identify the target user groups most likely to benefit from a passwordless experience. Establishing key performance indicators (KPIs) is essential to measure success, whether it’s reduced login friction, increased conversion rates, or improved security metrics. During this phase, it’s critical to allow users to opt into passkeys rather than mandating the change, ensuring a smooth transition and minimizing resistance. By closely monitoring adoption rates and gathering user feedback, organizations can iterate on the experience, address pain points, and build trust in this new authentication paradigm.

Phase 2: Incentivizing Adoption

Once the foundation is set, the next phase focuses on accelerating adoption by actively incentivizing users. E-commerce organizations can offer tangible rewards, such as loyalty points or exclusive discounts, for customers who create and use passkeys, turning security into a value-added proposition. Proactive prompts and clear messaging should encourage users to set up passkeys, highlighting the benefits of speed, convenience, and enhanced protection against phishing. For new users, the onboarding process can be made passwordless from the outset, eliminating legacy friction and setting a new standard for account creation. This phase is about making passkeys not just available, but desirable, leveraging both behavioral nudges and direct incentives to drive widespread uptake.

Phase 3: Password Deprecation

With strong adoption in place, organizations can move toward the final phase: password deprecation. At this stage, passkeys become the default—and eventually the required—authentication method for all new users, ensuring that the next generation of customers never needs to create or remember a password. For existing users, a gradual migration strategy is key: targeted communications, in-app prompts, and support resources can help guide them through the transition. High-security features, such as account recovery or payment management, can be made passkey-only to further reduce risk and reinforce the new standard. By phasing out passwords, e-commerce organizations not only enhance security but also deliver a seamless, modern user experience that sets them apart in a competitive market.

In the next blog, we’ll continue this discussion by covering important implementation considerations, some best practices based on our experiences, and finally, how to get started on this journey.

05 Jun

5 Min read

OneSpan Accelerates FIDO Leadership With Acquisition Of Nok Nok Labs

June 5, 2025 Nok Nok News 0 comments

BOSTON AND SAN JOSE– June 5, 2025 – OneSpan Inc. (NASDAQ: OSPN) today announced the acquisition of Nok Nok Labs Inc., a leading provider of FIDO passwordless software authentication solutions. By joining forces with Nok Nok, OneSpan is driving the industry towards a more secure future, enabling customers to adopt a wide range of flexible, future-proof authentication options.

Combined with OneSpan’s recently launched FIDO2 security keys, this strategic acquisition enables the Company to provide customers worldwide with the industry’s most innovative, comprehensive, and future-ready authentication portfolio. Whether on-premises or in the cloud, OTP or FIDO, software or hardware—including Digipass, FIDO2 protocols, and Cronto solutions for transaction signing—OneSpan now offers customers maximum flexibility to meet their authentication needs.

“This is more than an acquisition — it’s a bold step toward providing customers with maximum choice in authentication,” said Victor Limongelli, CEO at OneSpan. “We’re evolving our entire authentication platform to include FIDO standards because we believe passwordless is an important part of the future. With Nok Nok’s world-class technology and FIDO expertise, we now offer the most comprehensive and versatile customer authentication solution on the market.”

As a founding member of the FIDO Alliance, Nok Nok has been at the forefront of advancing passwordless authentication standards globally. With a customer base spanning the US, Asia, and Europe, Nok Nok delivers robust, standards-based security solutions trusted by leading enterprises. The company’s strong authentication platform ensures seamless integration and scalability, supporting UAF and FIDO2 protocols to meet diverse regulatory and business requirements. Nok Nok leads the industry with innovative solutions that simplify secure user experiences across digital channels.

“Joining OneSpan marks an exciting new chapter for our team and our technology,” said Phillip Dunkelberger, President & CEO at Nok Nok. “We’ve always believed that open standards like FIDO are an important part of the future of authentication, and with OneSpan’s global reach and innovation engine, we’re now poised to bring our vision to an even broader audience.”

“This is an exciting combination for the FIDO Alliance and the authentication market in general,” said Andrew Shikiar, Executive Director & CEO of the FIDO Alliance. “Nok Nok has been a trailblazer in the FIDO ecosystem, and we’re thrilled to see their innovation carried forward through OneSpan’s global reach and resources.”

With this acquisition, OneSpan plans to integrate the strengths of both companies into a unified, more powerful portfolio that delivers greater value to banking and enterprise customers.

About OneSpan
OneSpan provides secure authentication, identity, electronic signature and digital workflow solutions that protect and facilitate digital transactions and agreements. The Company delivers products and services that automate and secure customer-facing and revenue-generating business processes for use cases ranging from simple transactions to workflows that are complex or require higher levels of security. Trusted by global blue-chip enterprises, including more than 60% of the world’s 100 largest banks, OneSpan processes millions of digital agreements and billions of multi-factor authentication transactions in 100+ countries annually.

For more information, go to www.onespan.com. You can also follow @OneSpan on X (Twitter) or visit us on LinkedIn and Facebook.

Forward-Looking Statements
This press release contains forward-looking statements within the meaning of applicable U.S. securities laws, including statements regarding: our beliefs and expectations about the future of authentication, including passwordless authentication and FIDO standards; our plans regarding Nok Nok Labs, Inc. technology and its integration with OneSpan solutions; and the general impact of, and outcomes from, the acquisition of Nok Nok Labs, Inc. Forward-looking statements may be identified by words or phrases such as “seek”, “believe”, “plan”, “estimate”, “anticipate”, “expect”, “intend”, “continue”, “outlook”, “may”, “will”, “should”, “could”, or “might” and other similar expressions. These forward-looking statements involve risks and uncertainties, as well as assumptions that, if they do not fully materialize or prove incorrect, could cause our results to differ materially from those expressed or implied by such forward-looking statements. Factors that could materially affect our business and financial results include, but are not limited to the factors described in the “Risk Factors” section of our Annual Report on Form 10-K, as updated by the “Risk Factors” section of our Quarterly Report on Form 10-Q for the quarter ended March 31, 2025. Our filings with the Securities and Exchange Commission (the “SEC”) and other important information can be found in the Investor Relations section of our website at investors.onespan.com. We do not have any intent, and disclaim any obligation, to update the forward-looking information to reflect events that occur, circumstances that exist or changes in our expectations after the date of this press release, except as required by law.

Unless otherwise noted, references in this press release to “OneSpan”, “Company”, “we”, “our”, and “us” refer to OneSpan Inc. and its subsidiaries.

Media contact:
Nicole Bosgraaf
Director, Global PR and Social Media
+1-401-219-2131
[email protected]

Investor contact:
Joe Maxa
Vice President of Investor Relations
+1-312-766-4009
[email protected]

28 May

4 Min read

Protecting Critical Healthcare Data Requires Strong Leadership

May 28, 2025 Nok Nok News 0 comments

Protecting Critical Healthcare Data Requires Strong Leadership

01 May

3 Min read

World Password Day: Time to Ditch Passwords for Good?

May 1, 2025 Nok Nok News 0 comments

World Password Day: Time to Ditch Passwords for Good?

Every year, World Password Day comes around, reminding us to update our passwords. But this year, let’s ask a bigger question: Is it time to move beyond passwords altogether? At Nok Nok, we think so. Passwords have served us well, but in today’s digital landscape, they’re becoming more of a liability than an asset.

The History of Passwords: From Watchwords to Digital Headaches

Passwords have a surprisingly long history. From the Roman “watchwords” to Prohibition-era speakeasies’ secret phrases, the concept of using a secret word or phrase for identification has been around for centuries. In 1961, MIT’s Fernando Corbató invented the first digital password, allowing multiple users to share a computer securely.

However, as technology evolved, so did the number of passwords we needed to remember. Today, the average person juggles over 100 passwords. This has led to password fatigue, with many people reusing weak passwords or relying solely on their memory, both of which are risky.

The Problems with Passwords

Passwords are inherently flawed. Here are some of the key issues:

Password overload: With so many accounts, people often reuse passwords or choose weak ones, making them easy targets for hackers.
Phishing and brute force attacks: Cybercriminals frequently target passwords because they are relatively easy to steal or guess.
Password sharing: Sharing passwords, even with trusted individuals, increases security risks.
Password managers: While helpful, if the master password is compromised, all stored passwords are at risk.
AI cracking: Artificial intelligence can now crack common passwords in seconds, making traditional password security even less effective.

The Passwordless Future: A More Secure and Convenient Solution

At Nok Nok, we believe the future is passwordless. Passwordless authentication uses things you have (like your phone) or things you are (like your fingerprint) to log you in securely. This eliminates the need for passwords altogether.

Benefits of Going Passwordless

Stronger security: With no password to steal or guess, security is significantly improved.
Better user experience: Users no longer need to remember multiple passwords or go through password reset processes.
Lower costs: Fewer password resets mean less IT support and reduced costs.

How Nok Nok Enables Passwordless Authentication

Nok Nok provides best-of-breed passwordless solutions that make it easy to migrate from legacy to modern authentication methods like FIDO. Our proven platform supports:

Passkey authentication: Across the widest range of devices
Device-based for added security: Use a mobile device with a native app or a hardware token for authentication.
Flexible integration: Works seamlessly with existing apps and systems.

We work with various organizations, including top banks, retailers, and healthcare providers, to help them transition to passwordless authentication.

This World Password Day, consider moving beyond passwords. Let Nok Nok help you embrace a more secure and convenient future. The best password is no password at all. Maybe going forward we should rename this day to World Passkey Day, and eliminate passwords all together.

30 Apr

4 Min read

Verizon 2025 DBIR: Credential Attacks Still Dominate – A Nok Nok Perspective

April 30, 2025 Nok Nok News 0 comments

Verizon 2025 DBIR: Credential Attacks Still Dominate – A Nok Nok Perspective

The Verizon 2025 Data Breach Investigations Report (DBIR) paints a clear, urgent, and yet familiar picture: password-related attacks remain the number one threat to organizations worldwide. As a leader in passwordless authentication, here at Nok Nok, we see the findings as both a wake-up call and a validation of our mission to move everyone beyond passwords.

Key Findings: Passwords and Credential Abuse Remain Top Risks

The report highlights several critical points regarding the persistence of credential-based attacks:

Stolen Credentials Are the Primary Entry Point: Credential abuse was the initial vector in 22% of breaches globally, making it the single most common way attackers get in. Attackers aren’t hacking their way in-they’re logging in through the front door using stolen, guessed, or leaked passwords.
Web Application Attacks Rely on Credentials: A staggering 88% of basic web application attacks involved stolen credentials. This highlights how password reuse and weak password policies continue to undermine security.
Phishing and Social Engineering Fuel Credential Theft: Phishing accounted for nearly 25% of breaches, and social engineering remains a top tactic for stealing login information. The median time for a user to click a phishing link was just 21 minutes-far faster than most organizations can detect and respond. Yikes!
Infostealers Target Devices and Credentials: 30% of infostealer-compromised systems were enterprise-managed, but 46% were unmanaged, often personal devices used for work (BYOD). This exposes organizations to credential theft outside their direct control.
Ransomware and Credentials: Ransomware was present in 44% of breaches, and infostealer logs containing corporate credentials were found in over half of ransomware victims. Credentials are often the first step to a much larger compromise.

Other Notable Trends from the 2025 DBIR

Beyond credential attacks, the DBIR also highlights other significant trends:

Exploitation of Vulnerabilities: Exploits targeting unpatched edge devices (like VPNs and firewalls) surged by 34%, now accounting for 20% of breaches. Attackers are increasingly automating the exploitation of known and zero-day vulnerabilities.
Third-Party Breaches: The share of breaches involving third parties doubled to 30%, highlighting the risks in supply chains and partner ecosystems.
Human Error: Human involvement remains a factor in 60% of breaches, reinforcing the need for user training and better security design.
Remediation Gaps: Only 54% of vulnerable edge devices were patched, with a median fix time of 32 days-leaving a wide window for attackers.

Why Passwords Remain the Weak Link

The DBIR’s findings confirm what we at Nok Nok have long argued: passwords are fundamentally flawed as a security mechanism. Attackers exploit them because:

They are easily stolen via phishing, malware, or leaks.
Users often reuse passwords, at work and at home, across multiple sites.
Passwords can be guessed, brute-forced, or found in breached databases.
Device and BYOD risks mean credentials can be compromised outside IT’s visibility.

As the report states, “Credential theft continues to be the key to the kingdom in the majority of breaches. And it’s not slowing down”.

The Path Forward: Passwordless Authentication

For organizations looking to break the cycle, the DBIR offers a clear mandate: move beyond passwords. Here’s how Nok Nok recommends responding:

Adopt Passwordless, Phishing-Resistant Authentication: FIDO-based authentication(aka passkeys) eliminate the risks of credential theft, phishing, and reuse by removing passwords from the equation.
Enforce Strong Access Controls for Devices: Ensure only managed, secure devices can access sensitive systems-especially in BYOD environments.
Accelerate Patch Management: Reduce the window for vulnerability exploitation by patching edge devices and VPNs rapidly.
Invest in User Training and Real-Time Detection: While technology is critical, user awareness and rapid response to phishing remain essential.

Conclusion: The Time to Act Is Now

The 2025 Verizon DBIR makes it clear: attackers are evolving, but they still rely on the same old trick – stealing passwords. Why? Because it’s the least path of resistance. Why spend time hacking when you can just log in instead? As long as organizations depend on passwords, breaches will continue. At Nok Nok, we believe the solution is simple: eliminate passwords, embrace modern authentication, and close the door on credential-based attacks for good. This gets us out of the arms-race and leap-frogs credential based attacks. If you’re attending Kuppinger Cole EIC 2025, our very own Rolf Lindemann, Vice President, Products, will be speaking to this very topic!

The future of security is passwordless. Let’s make 2025 the year we finally leave passwords behind.

29 Apr

3 Min read

Phillip Dunkelberger Recognized as a “Champion in Security” by Portal26 at RSA Conference 2025

April 29, 2025 Nok Nok News 0 comments

Phillip Dunkelberger Recognized as a “Champion in Security” by Portal26 at RSA Conference 2025

SAN FRANCISCO, April 29, 2025 /PRNewswire-PRWeb/ — Nok Nok, a leader in passwordless authentication for the world’s largest organizations, is pleased to congratulate, Phillip Dunkelberger, CEO of Nok Nok, for being named a Champion in Security for Community by Portal26 during its Third Annual Champions in Security Awards at the 2025 RSA Conference in San Francisco.

The Champions in Security Awards, organized by Portal26, honor cybersecurity professionals who exemplify the values of Respect, Inclusion, Innovation, Community, Collaboration, and Education. This recognition reflects not just individual excellence but the power of collective action in advancing security and resilience in a rapidly changing digital world.

“I’m honored to be selected by my peers, but this recognition isn’t just about me—it’s about the communities I’ve been fortunate to be part of throughout my career,” said Phillip Dunkelberger.

“From helping establish Ethernet specifications during my early days at Xerox, to the passionate international PGP movement, and now to the incredible global community around FIDO, I’ve seen firsthand how real change happens when people come together. Authentication is where cyber criminals start. That’s why we and others invented the FIDO protocol and launched the FIDO Alliance and invented the FIDO protocols to eliminate passwords and to build something better.”

Phillip’s award underscores a legacy of community-driven innovation. Fourteen years ago, he and a group of security visionaries founded the FIDO Alliance, a now-global organization working to eliminate passwords—the weakest link in cybersecurity. FIDO, which began as a bold idea, has since grown into international standards adopted by industry leading companies and governments alike. Today, passkeys are reshaping how billions of people authenticate online and make digital life safer for everyone.

As cyber threats become more sophisticated and AI accelerates both risks and innovation, Nok Nok remains committed to delivering strong, simple, and scalable authentication that protects users and enterprises.

Nok Nok extends its sincere thanks to Portal26 for celebrating the work of those who fight to protect our digital infrastructure. The cybersecurity field is not a singular effort—it is made up of many communities that work across technologies, industry sectors, and borders to defend against evolving threats.

Congratulations to all of this year’s Champions. Your leadership is helping build a safer digital future—for everyone.

About Nok Nok

Nok Nok lets you create safer, faster user experiences with key-based passwordless authentication based on the FIDO and other standards that enable compliance with global user and data privacy regulations. Nok Nok is a leader in passwordless customer authentication and is trusted by the biggest banks, telcos and fintechs including BBVA, Intuit, Motorola Solutions Inc., NTT DOCOMO, Standard Bank, T-Mobile, and Verizon. For more information, visit www.noknok.com.

Media Contact
Kristen Caron, Nok Nok, 1 9784079283, [email protected], https://noknok.com/

02 Apr

3 Min read

Another Step Towards a Passwordless Future

April 2, 2025 Nok Nok News 0 comments

Another Step Towards a Passwordless Future

Microsoft’s announcement that it will be replacing passwords with passkeys for over a billion users by 2025 is huge news for the entire digital security landscape. At Nok Nok, we’re not just excited – we see this as the right approach, and another step on the long-overdue journey toward a passwordless future.

Why Microsoft’s Move Matters
Microsoft’s decision to make passkeys the default sign-in method across its platforms (including Outlook, Xbox, and Microsoft 365) is a powerful endorsement of passwordless authentication.

Here’s why we think it’s so important:

Reach: Microsoft can bring passwordless authentication to a massive audience. Educating their users about the benefits and ease of use of passkeys will accelerate adoption across the board.

Security: Passkeys, built on FIDO standards, offer significantly stronger security than passwords. They are resistant to phishing, keylogging, social engineering, and other common attacks that passwords are vulnerable to. With cyberattacks targeting login credentials on the rise, this enhanced security is purpose-built to meet security needs.

User Experience: Microsoft is focusing on a streamlined sign-up and sign-in process, making passkeys easy to adopt and use. By making the user experience simple and intuitive, they are removing a major barrier to adoption.

Another Nail in the Password Coffin
For years, passwords have been the weakest link in online security. They are hard to remember, easy to guess, and constantly targeted by attackers. The industry has known this for a long time, and we’ve been working towards a better solution. Microsoft’s move is another big step in getting rid of passwords once and for all, leading us closer to a more secure online world.

What This Means for the Industry
Microsoft’s commitment to passkeys will likely have a ripple effect across the industry. As more and more users experience the benefits of passwordless authentication, other companies will be compelled to follow suit. This increased adoption will drive further innovation and standardization in the passkey space, making it easier for everyone to implement and use passwordless solutions.

Why We’re Thrilled Here at Nok Nok
We here at Nok Nok have been a pioneer in passwordless authentication, and we’re excited to see a tech giant like Microsoft championing passkeys. We know that passkeys are the future of authentication. Microsoft’s initiative validates our vision and demonstrates the growing momentum behind passwordless technology. We have been building and deploying FIDO-based passwordless solutions for over a decade and our FIDO-certified solutions are deployed at internet scale to hundreds of millions of global end users. We are ready to support businesses in implementing passkeys and are excited about helping make the internet safer for everyone!

27 Mar

2 Min read

Enhancing Amazon Cognito with Nok Nok’s FIDO-Certified Authentication

March 27, 2025 Nok Nok News 0 comments

Enhancing Amazon Cognito with Nok Nok’s FIDO-Certified Authentication

We’ve recently made an exciting announcement about what Nok Nok is doing with Amazon, and we’re proud of it. We’ve made our Nok Nok Authentication Cloud available for Amazon Cognito, directly from AWS Marketplace, which means businesses can easily integrate our exceptional authentication into their Amazon Cognito deployment.

Organizations using Cognito can now make logging in safer and easier. Instead of using passwords, organizations can implement phishing-resistant, FIDO-certified authentication with a seamless user experience through advanced technologies and adaptive security measures. Our Nok Nok Authentication Cloud prevents account takeover and fraud while offering a frictionless login experience tailored to modern security needs.

What’s really cool and the best part about the integration is that Nok Nok Authentication Cloud makes it easy to transition from legacy methods to modern FIDO-based passkey authentication, simplifying the complexities across platforms and devices. This means organizations can take advantage of features like adaptive authentication policies, which, once configured, will adjust authentication paths based on contextual data like existing credentials, device type, device health, and location. This flexibility allows Amazon Cognito customers to select the authentication options best suited to their application ecosystems while ensuring they stay ahead of evolving cybersecurity standards.

This is a big deal for organizations using Amazon Cognito because it simplifies the process of implementing secure authentication. They can get it directly from the AWS Marketplace, which makes it easy to set up and manage, helping them stay ahead of evolving cybersecurity threats.

We’re proud to have our Nok Nok Authentication Cloud available to Amazon Cognito users because it will help these organizations combine security with a smoother user experience. And since it’s integrated with the marketplace, it’s easy for companies to purchase, adopt, and use.

If you’d like more information, please check out this integration video and contact us via the form below.

27 Feb

4 Min read

Navigating Cybersecurity in Operational Technology: Insights from the Joint Cyber Defense Collaborative

February 27, 2025 Nok Nok News 0 comments

Navigating Cybersecurity in Operational Technology:
Insights from the Joint Cyber Defense Collaborative

The Joint Cyber Defense Collaborative (JCDC) released an important document titled “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.” This collaborative effort involves major players in cybersecurity, including the Cybersecurity and Infrastructure Security Agency (CISA), Germany’s Federal Office for Information Security (BSI), the UK National Cyber Security Centre, and the European Commission. The document is a significant step towards enhancing the cybersecurity posture for operational technology (OT) environments, which are increasingly vulnerable to cyber threats.

Some key takeaways from the document:
The JCDC’s recommendations provide a roadmap for OT owners and operators to make informed decisions when selecting digital products. Here are two critical points highlighted in the document:

1. Phishing-Resistant Multi-Factor Authentication (MFA)
One of the standout recommendations is the call for buyers to prioritize products that include phishing-resistant multi-factor authentication (MFA) in their baseline versions, underscoring the importance of robust authentication mechanisms in today’s threat landscape:

● Selection criteria: The baseline version of the product supports role-based access control (RBAC) and multifactor authentication (MFA), particularly for changes to safety-critical equipment.

● Questions to ask: Has the manufacturer eliminated or is working to eliminate the use of shared role-based passwords in their products? Is MFA included in the baseline version?

● Why this matters: Strong authentication allows for defense-in-depth and enables identity and access management best practices.

For organizations looking to comply with this guidance, solutions like the Nok Nok S3 Suite, the Authentication Cloud, and the IoT SDK are excellent options. These products offer advanced authentication capabilities that help mitigate the risk of phishing and man-in-the-middle attacks, ensuring that only authorized users can access critical systems and data. Implementing such solutions is a proactive step towards safeguarding operational technology environments.

2. Elimination of Default Passwords
Another critical focus of the document is the elimination of default passwords, which is listed as a key aim to achieve “Secure by Design” practices. Default passwords are often a weak link in cybersecurity, providing an easy entry point for malicious actors. The document stresses the need for organizations to move away from these vulnerabilities and adopt more secure password practices:

● Selection criteria: The product is delivered secure out of the box, resilient against the most prevalent threats and vulnerabilities, without requiring additional configuration from users or administrators.

● Questions to ask: Has the manufacturer eliminated or is working to eliminate default passwords?

● Why this matters: Insecure default settings expose asset owners to more risk and increase security costs.

Using the Nok Nok IoT SDK can significantly aid operational technology operators in this endeavor. The SDK facilitates the implementation of phishing-resistant authentication methods that do not rely on default passwords, thus enhancing the overall security of IoT devices and systems. By leveraging such technology, organizations can ensure that their OT environments are better protected against unauthorized access.

The Importance of Cybersecurity in Operational Technology
As operational technology systems become more interconnected and reliant on digital products, the need for robust cybersecurity measures has never been more critical. The recommendations put forth by the JCDC are not just best practices; they represent a foundational shift towards a security-first approach in the selection and implementation of digital products.
By prioritizing phishing-resistant MFA and eliminating default passwords, OT owners and operators can build a more resilient infrastructure capable of withstanding evolving cyber threats. The guidance provided in the JCDC’s document serves as a valuable resource for organizations looking to enhance their cybersecurity strategies and protect their critical assets.

Conclusion
The publication of “Secure by Demand” marks a pivotal moment for organizations involved in operational technology. As cyber threats continue to evolve, the emphasis on secure design principles and robust authentication mechanisms cannot be overstated. By following the recommendations of the JCDC and integrating solutions like the Nok Nok S3 Suite and IoT SDK, organizations can take substantial steps towards fortifying their defenses and ensuring the integrity of their operational technology environments. In a digital landscape fraught with risks, being proactive about cybersecurity is not just an option; it’s a necessity.

Nok Nok News

Contact Us

Latest Posts

Navigation

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Nok Nok News

Passkeys for E-commerce: A Game Changer Part 2

Implementation Considerations for Passkeys in E-Commerce

Use Cases

User Experience

Platform Support

Best Practices

Getting Started

Conclusion

Passkeys for E-commerce: A Game Changer Part 1

The Problem with Passwords

Enter Passkeys: The Passwordless Solution

Key Benefits for E-commerce

Implementation Strategy

World Password Day: Time to Ditch Passwords for Good?

Verizon 2025 DBIR: Credential Attacks Still Dominate – A Nok Nok Perspective

Phillip Dunkelberger Recognized as a “Champion in Security” by Portal26 at RSA Conference 2025

Another Step Towards a Passwordless Future

Enhancing Amazon Cognito with Nok Nok’s FIDO-Certified Authentication

Contact Us

Latest Posts

Navigation

Please complete this form to view and download this resource.

Submit to Download Forms

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.