• Solutions
    • Passwordless Authentication
    • Passkeys
    • Secure Payments
    • Compliance
    • Professional Services
  • Industries
    • Government
    • E-Commerce
    • Financial Services
    • Mobile Network Operators
  • Products
    • Authentication Cloud
    • S3 Suite
    • Smart Analytics Module
    • Smart Sense Module
    • IoT SDK
  • Resources
    • Demo
    • Videos
    • White Papers
    • Testimonials
  • Company
    • About
    • Team
    • Partners
    • Clients
    • Events
    • News
    • Blog
    • Contact Us
    • Support Services
© All rights reserved.
Nok Nok Nok Nok
  • Solutions
    • Passwordless Authentication
    • Passkeys
    • Secure Payments
    • Compliance
    • Professional Services
  • Industries
    • Government
    • E-Commerce
    • Financial Services
    • Mobile Network Operators
  • Products
    • Authentication Cloud
    • S3 Suite
    • Smart Analytics Module
    • Smart Sense Module
    • IoT SDK
  • Resources
    • Demo
    • Videos
    • White Papers
    • Testimonials
  • Company
    • About
    • Team
    • Partners
    • Clients
    • Events
    • News
    • Blog
    • Contact Us
    • Support Services
Free Trial
Sign In
Nok Nok
28 May
4 Min read

Protecting Critical Healthcare Data Requires Strong Leadership

May 28, 2025 Nok Nok News Cybersecurity, passwordless authentication 0 comments
Protecting Critical Healthcare Data Requires Strong Leadership
Read more
01 May
3 Min read

World Password Day: Time to Ditch Passwords for Good?

May 1, 2025 Nok Nok News Cybersecurity, passwordless authentication 0 comments

World Password Day: Time to Ditch Passwords for Good?

Every year, World Password Day comes around, reminding us to update our passwords. But this year, let’s ask a bigger question: Is it time to move beyond passwords altogether? At Nok Nok, we think so. Passwords have served us well, but in today’s digital landscape, they’re becoming more of a liability than an asset.

The History of Passwords: From Watchwords to Digital Headaches

Passwords have a surprisingly long history. From the Roman “watchwords” to Prohibition-era speakeasies’ secret phrases, the concept of using a secret word or phrase for identification has been around for centuries. In 1961, MIT’s Fernando Corbató invented the first digital password, allowing multiple users to share a computer securely.

However, as technology evolved, so did the number of passwords we needed to remember. Today, the average person juggles over 100 passwords. This has led to password fatigue, with many people reusing weak passwords or relying solely on their memory, both of which are risky.

The Problems with Passwords

Passwords are inherently flawed. Here are some of the key issues:

  • Password overload: With so many accounts, people often reuse passwords or choose weak ones, making them easy targets for hackers.
  • Phishing and brute force attacks: Cybercriminals frequently target passwords because they are relatively easy to steal or guess.
  • Password sharing: Sharing passwords, even with trusted individuals, increases security risks.
  • Password managers: While helpful, if the master password is compromised, all stored passwords are at risk.
  • AI cracking: Artificial intelligence can now crack common passwords in seconds, making traditional password security even less effective.

The Passwordless Future: A More Secure and Convenient Solution

At Nok Nok, we believe the future is passwordless. Passwordless authentication uses things you have (like your phone) or things you are (like your fingerprint) to log you in securely. This eliminates the need for passwords altogether.

Benefits of Going Passwordless

  • Stronger security: With no password to steal or guess, security is significantly improved.
  • Better user experience: Users no longer need to remember multiple passwords or go through password reset processes.
  • Lower costs: Fewer password resets mean less IT support and reduced costs.

How Nok Nok Enables Passwordless Authentication

Nok Nok provides best-of-breed passwordless solutions that make it easy to migrate from legacy to modern authentication methods like FIDO. Our proven platform supports:

  • Passkey authentication: Across the widest range of devices
  • Device-based for added security: Use a mobile device with a native app or a hardware token for authentication.
  • Flexible integration: Works seamlessly with existing apps and systems.

We work with various organizations, including top banks, retailers, and healthcare providers, to help them transition to passwordless authentication.

This World Password Day, consider moving beyond passwords. Let Nok Nok help you embrace a more secure and convenient future. The best password is no password at all. Maybe going forward we should rename this day to World Passkey Day, and eliminate passwords all together.

Read more
30 Apr
4 Min read

Verizon 2025 DBIR: Credential Attacks Still Dominate – A Nok Nok Perspective

April 30, 2025 Nok Nok News Cybersecurity, Industry News, Passkeys, passwordless authentication 0 comments

Verizon 2025 DBIR: Credential Attacks Still Dominate – A Nok Nok Perspective

The Verizon 2025 Data Breach Investigations Report (DBIR) paints a clear, urgent, and yet familiar picture: password-related attacks remain the number one threat to organizations worldwide. As a leader in passwordless authentication, here at Nok Nok, we see the findings as both a wake-up call and a validation of our mission to move everyone beyond passwords.

Key Findings: Passwords and Credential Abuse Remain Top Risks

The report highlights several critical points regarding the persistence of credential-based attacks:

  • Stolen Credentials Are the Primary Entry Point: Credential abuse was the initial vector in 22% of breaches globally, making it the single most common way attackers get in. Attackers aren’t hacking their way in-they’re logging in through the front door using stolen, guessed, or leaked passwords.
  • Web Application Attacks Rely on Credentials: A staggering 88% of basic web application attacks involved stolen credentials. This highlights how password reuse and weak password policies continue to undermine security.
  • Phishing and Social Engineering Fuel Credential Theft: Phishing accounted for nearly 25% of breaches, and social engineering remains a top tactic for stealing login information. The median time for a user to click a phishing link was just 21 minutes-far faster than most organizations can detect and respond. Yikes!
  • Infostealers Target Devices and Credentials: 30% of infostealer-compromised systems were enterprise-managed, but 46% were unmanaged, often personal devices used for work (BYOD). This exposes organizations to credential theft outside their direct control.
  • Ransomware and Credentials: Ransomware was present in 44% of breaches, and infostealer logs containing corporate credentials were found in over half of ransomware victims. Credentials are often the first step to a much larger compromise.

Other Notable Trends from the 2025 DBIR

Beyond credential attacks, the DBIR also highlights other significant trends:

  • Exploitation of Vulnerabilities: Exploits targeting unpatched edge devices (like VPNs and firewalls) surged by 34%, now accounting for 20% of breaches. Attackers are increasingly automating the exploitation of known and zero-day vulnerabilities.
  • Third-Party Breaches: The share of breaches involving third parties doubled to 30%, highlighting the risks in supply chains and partner ecosystems.
  • Human Error: Human involvement remains a factor in 60% of breaches, reinforcing the need for user training and better security design.
  • Remediation Gaps: Only 54% of vulnerable edge devices were patched, with a median fix time of 32 days-leaving a wide window for attackers.

Why Passwords Remain the Weak Link

The DBIR’s findings confirm what we at Nok Nok have long argued: passwords are fundamentally flawed as a security mechanism. Attackers exploit them because:

  • They are easily stolen via phishing, malware, or leaks.
  • Users often reuse passwords, at work and at home, across multiple sites.
  • Passwords can be guessed, brute-forced, or found in breached databases.
  • Device and BYOD risks mean credentials can be compromised outside IT’s visibility.

As the report states, “Credential theft continues to be the key to the kingdom in the majority of breaches. And it’s not slowing down”.

The Path Forward: Passwordless Authentication

For organizations looking to break the cycle, the DBIR offers a clear mandate: move beyond passwords. Here’s how Nok Nok recommends responding:

  • Adopt Passwordless, Phishing-Resistant Authentication: FIDO-based authentication(aka passkeys) eliminate the risks of credential theft, phishing, and reuse by removing passwords from the equation.
  • Enforce Strong Access Controls for Devices: Ensure only managed, secure devices can access sensitive systems-especially in BYOD environments.
  • Accelerate Patch Management: Reduce the window for vulnerability exploitation by patching edge devices and VPNs rapidly.
  • Invest in User Training and Real-Time Detection: While technology is critical, user awareness and rapid response to phishing remain essential.

Conclusion: The Time to Act Is Now

The 2025 Verizon DBIR makes it clear: attackers are evolving, but they still rely on the same old trick – stealing passwords. Why? Because it’s the least path of resistance. Why spend time hacking when you can just log in instead? As long as organizations depend on passwords, breaches will continue. At Nok Nok, we believe the solution is simple: eliminate passwords, embrace modern authentication, and close the door on credential-based attacks for good. This gets us out of the arms-race and leap-frogs credential based attacks. If you’re attending Kuppinger Cole EIC 2025, our very own Rolf Lindemann, Vice President, Products, will be speaking to this very topic!  

The future of security is passwordless. Let’s make 2025 the year we finally leave passwords behind.

Read more
29 Apr
3 Min read

Phillip Dunkelberger Recognized as a “Champion in Security” by Portal26 at RSA Conference 2025

April 29, 2025 Nok Nok News Company News, Cybersecurity, Events, Press Release 0 comments

Phillip Dunkelberger Recognized as a “Champion in Security” by Portal26 at RSA Conference 2025

SAN FRANCISCO, April 29, 2025 /PRNewswire-PRWeb/ — Nok Nok, a leader in passwordless authentication for the world’s largest organizations, is pleased to congratulate, Phillip Dunkelberger, CEO of Nok Nok, for being named a Champion in Security for Community by Portal26 during its Third Annual Champions in Security Awards at the 2025 RSA Conference in San Francisco.

The Champions in Security Awards, organized by Portal26, honor cybersecurity professionals who exemplify the values of Respect, Inclusion, Innovation, Community, Collaboration, and Education. This recognition reflects not just individual excellence but the power of collective action in advancing security and resilience in a rapidly changing digital world.

“I’m honored to be selected by my peers, but this recognition isn’t just about me—it’s about the communities I’ve been fortunate to be part of throughout my career,” said Phillip Dunkelberger.

“From helping establish Ethernet specifications during my early days at Xerox, to the passionate international PGP movement, and now to the incredible global community around FIDO, I’ve seen firsthand how real change happens when people come together. Authentication is where cyber criminals start. That’s why we and others invented the FIDO protocol and launched the FIDO Alliance and invented the FIDO protocols to eliminate passwords and to build something better.”

Phillip’s award underscores a legacy of community-driven innovation. Fourteen years ago, he and a group of security visionaries founded the FIDO Alliance, a now-global organization working to eliminate passwords—the weakest link in cybersecurity. FIDO, which began as a bold idea, has since grown into international standards adopted by industry leading companies and governments alike. Today, passkeys are reshaping how billions of people authenticate online and make digital life safer for everyone.

As cyber threats become more sophisticated and AI accelerates both risks and innovation, Nok Nok remains committed to delivering strong, simple, and scalable authentication that protects users and enterprises.

Nok Nok extends its sincere thanks to Portal26 for celebrating the work of those who fight to protect our digital infrastructure. The cybersecurity field is not a singular effort—it is made up of many communities that work across technologies, industry sectors, and borders to defend against evolving threats.

Congratulations to all of this year’s Champions. Your leadership is helping build a safer digital future—for everyone.

About Nok Nok

Nok Nok lets you create safer, faster user experiences with key-based passwordless authentication based on the FIDO and other standards that enable compliance with global user and data privacy regulations. Nok Nok is a leader in passwordless customer authentication and is trusted by the biggest banks, telcos and fintechs including BBVA, Intuit, Motorola Solutions Inc., NTT DOCOMO, Standard Bank, T-Mobile, and Verizon. For more information, visit www.noknok.com.

Media Contact
Kristen Caron, Nok Nok, 1 9784079283, [email protected], https://noknok.com/

Read more
02 Apr
3 Min read

Another Step Towards a Passwordless Future

April 2, 2025 Nok Nok News Cybersecurity, Industry News, Passkeys, passwordless authentication 0 comments

Another Step Towards a Passwordless Future

Microsoft’s announcement that it will be replacing passwords with passkeys for over a billion users by 2025 is huge news for the entire digital security landscape. At Nok Nok, we’re not just excited – we see this as the right approach, and another step on the long-overdue journey toward a passwordless future.

Why Microsoft’s Move Matters
Microsoft’s decision to make passkeys the default sign-in method across its platforms (including Outlook, Xbox, and Microsoft 365) is a powerful endorsement of passwordless authentication.

Here’s why we think it’s so important:

Reach: Microsoft can bring passwordless authentication to a massive audience. Educating their users about the benefits and ease of use of passkeys will accelerate adoption across the board.

Security: Passkeys, built on FIDO standards, offer significantly stronger security than passwords. They are resistant to phishing, keylogging, social engineering, and other common attacks that passwords are vulnerable to. With cyberattacks targeting login credentials on the rise, this enhanced security is purpose-built to meet security needs.

User Experience: Microsoft is focusing on a streamlined sign-up and sign-in process, making passkeys easy to adopt and use. By making the user experience simple and intuitive, they are removing a major barrier to adoption.

Another Nail in the Password Coffin
For years, passwords have been the weakest link in online security. They are hard to remember, easy to guess, and constantly targeted by attackers. The industry has known this for a long time, and we’ve been working towards a better solution. Microsoft’s move is another big step in getting rid of passwords once and for all, leading us closer to a more secure online world.

What This Means for the Industry
Microsoft’s commitment to passkeys will likely have a ripple effect across the industry. As more and more users experience the benefits of passwordless authentication, other companies will be compelled to follow suit. This increased adoption will drive further innovation and standardization in the passkey space, making it easier for everyone to implement and use passwordless solutions.

Why We’re Thrilled Here at Nok Nok
We here at Nok Nok have been a pioneer in passwordless authentication, and we’re excited to see a tech giant like Microsoft championing passkeys. We know that passkeys are the future of authentication. Microsoft’s initiative validates our vision and demonstrates the growing momentum behind passwordless technology. We have been building and deploying FIDO-based passwordless solutions for over a decade and our FIDO-certified solutions are deployed at internet scale to hundreds of millions of global end users. We are ready to support businesses in implementing passkeys and are excited about helping make the internet safer for everyone!

Read more
27 Mar
2 Min read

Enhancing Amazon Cognito with Nok Nok’s FIDO-Certified Authentication

March 27, 2025 Nok Nok News Cybersecurity, E-Commerce, passwordless authentication 0 comments

Enhancing Amazon Cognito with Nok Nok’s FIDO-Certified Authentication

We’ve recently made an exciting announcement about what Nok Nok is doing with Amazon, and we’re proud of it. We’ve made our Nok Nok Authentication Cloud available for Amazon Cognito, directly from AWS Marketplace, which means businesses can easily integrate our exceptional authentication into their Amazon Cognito deployment.

Organizations using Cognito can now make logging in safer and easier. Instead of using passwords, organizations can implement phishing-resistant, FIDO-certified authentication with a seamless user experience through advanced technologies and adaptive security measures. Our Nok Nok Authentication Cloud prevents account takeover and fraud while offering a frictionless login experience tailored to modern security needs.

What’s really cool and the best part about the integration is that Nok Nok Authentication Cloud makes it easy to transition from legacy methods to modern FIDO-based passkey authentication, simplifying the complexities across platforms and devices. This means organizations can take advantage of features like adaptive authentication policies, which, once configured, will adjust authentication paths based on contextual data like existing credentials, device type, device health, and location. This flexibility allows Amazon Cognito customers to select the authentication options best suited to their application ecosystems while ensuring they stay ahead of evolving cybersecurity standards.

This is a big deal for organizations using Amazon Cognito because it simplifies the process of implementing secure authentication. They can get it directly from the AWS Marketplace, which makes it easy to set up and manage, helping them stay ahead of evolving cybersecurity threats.

We’re proud to have our Nok Nok Authentication Cloud available to Amazon Cognito users because it will help these organizations combine security with a smoother user experience. And since it’s integrated with the marketplace, it’s easy for companies to purchase, adopt, and use.

If you’d like more information, please check out this integration video and contact us via the form below.

Read more
27 Feb
4 Min read

Navigating Cybersecurity in Operational Technology: Insights from the Joint Cyber Defense Collaborative

February 27, 2025 Nok Nok News Cybersecurity, S3 Authentication Suite 0 comments

Navigating Cybersecurity in Operational Technology:
Insights from the Joint Cyber Defense Collaborative

 

The Joint Cyber Defense Collaborative (JCDC) released an important document titled “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.” This collaborative effort involves major players in cybersecurity, including the Cybersecurity and Infrastructure Security Agency (CISA), Germany’s Federal Office for Information Security (BSI), the UK National Cyber Security Centre, and the European Commission. The document is a significant step towards enhancing the cybersecurity posture for operational technology (OT) environments, which are increasingly vulnerable to cyber threats.

Some key takeaways from the document:
The JCDC’s recommendations provide a roadmap for OT owners and operators to make informed decisions when selecting digital products. Here are two critical points highlighted in the document:

1. Phishing-Resistant Multi-Factor Authentication (MFA)
One of the standout recommendations is the call for buyers to prioritize products that include phishing-resistant multi-factor authentication (MFA) in their baseline versions, underscoring the importance of robust authentication mechanisms in today’s threat landscape:

● Selection criteria: The baseline version of the product supports role-based access control (RBAC) and multifactor authentication (MFA), particularly for changes to safety-critical equipment.

● Questions to ask: Has the manufacturer eliminated or is working to eliminate the use of shared role-based passwords in their products? Is MFA included in the baseline version?

● Why this matters: Strong authentication allows for defense-in-depth and enables identity and access management best practices.

For organizations looking to comply with this guidance, solutions like the Nok Nok S3 Suite, the Authentication Cloud, and the IoT SDK are excellent options. These products offer advanced authentication capabilities that help mitigate the risk of phishing and man-in-the-middle attacks, ensuring that only authorized users can access critical systems and data. Implementing such solutions is a proactive step towards safeguarding operational technology environments.

2. Elimination of Default Passwords
Another critical focus of the document is the elimination of default passwords, which is listed as a key aim to achieve “Secure by Design” practices. Default passwords are often a weak link in cybersecurity, providing an easy entry point for malicious actors. The document stresses the need for organizations to move away from these vulnerabilities and adopt more secure password practices:

● Selection criteria: The product is delivered secure out of the box, resilient against the most prevalent threats and vulnerabilities, without requiring additional configuration from users or administrators.

● Questions to ask: Has the manufacturer eliminated or is working to eliminate default passwords?

● Why this matters: Insecure default settings expose asset owners to more risk and increase security costs.

Using the Nok Nok IoT SDK can significantly aid operational technology operators in this endeavor. The SDK facilitates the implementation of phishing-resistant authentication methods that do not rely on default passwords, thus enhancing the overall security of IoT devices and systems. By leveraging such technology, organizations can ensure that their OT environments are better protected against unauthorized access.

The Importance of Cybersecurity in Operational Technology
As operational technology systems become more interconnected and reliant on digital products, the need for robust cybersecurity measures has never been more critical. The recommendations put forth by the JCDC are not just best practices; they represent a foundational shift towards a security-first approach in the selection and implementation of digital products.
By prioritizing phishing-resistant MFA and eliminating default passwords, OT owners and operators can build a more resilient infrastructure capable of withstanding evolving cyber threats. The guidance provided in the JCDC’s document serves as a valuable resource for organizations looking to enhance their cybersecurity strategies and protect their critical assets.

Conclusion
The publication of “Secure by Demand” marks a pivotal moment for organizations involved in operational technology. As cyber threats continue to evolve, the emphasis on secure design principles and robust authentication mechanisms cannot be overstated. By following the recommendations of the JCDC and integrating solutions like the Nok Nok S3 Suite and IoT SDK, organizations can take substantial steps towards fortifying their defenses and ensuring the integrity of their operational technology environments. In a digital landscape fraught with risks, being proactive about cybersecurity is not just an option; it’s a necessity.

 

Read more
23 Jan
3 Min read

Let’s Stop Kidding Ourselves: My Anti-Predictions for 2025

January 23, 2025 Phil Dunkelberger Cybersecurity, Opinion 0 comments

Let’s Stop Kidding Ourselves: My Anti-Predictions for 2025

By Phil Dunkelberger

I’ve been making cybersecurity predictions for decades. Here’s what I’ve learned: we’ve been consistently wrong – not about things getting bad, but about just how bad they’d really get. Most of the predictions have been wrong by magnitude. It’s worse than we ever thought it could be.

So, let’s not sugar coat it. Let’s talk about some harsh realities we’ll face in 2025:

Government Infrastructure at the Breaking Point
Our government systems have reached a critical juncture. The 30-year-old PIV card and CAC systems are good places to start thinking differently about how we can improve the status quo. In 2025, there’s no more kicking this can down the road; modernization is critical as recognized in the recent executive order from former President Biden.

The Death of Passwords
SMS OTP is really bad. It’s been actively exploited by hackers for years, with countless examples of SMS harvesting across the internet. Antiquated security and people buying into those ideas is worse than no security at all. 2025 will be the year passkeys move from buzzword to baseline, not because we want them, but because we absolutely need them. The old authentication playbook isn’t just outdated – it’s dangerous.

The Breach Fatigue Crisis
The breaches are more egregious, they’re more damaging yet appear like the classified ads in the back of a newspaper now, if anybody remembers newspapers. We’ve become numb to it. The numbers don’t lie – breaches are up 30% from last year, but our collective will to address root causes diminishes. Information is currency, and we’re hemorrhaging it as we’ve seen for years in data breach cost studies.

The End of Manual Security
You can look at any major company now – their systems that give us efficiency and openness are great, but they come with massive risks. 2025 will be the year we finally admit that human-scale security is dead. The battle lines are being drawn between those who can automate security at scale and those who will become headlines for their lack of readiness.

The Stakes Have Never Been Higher
The whole point of these systems that we use every day for business or personal use – from banking to healthcare to the defense of the country – is that it is all part of our critical infrastructure now. All of those systems are built on these evolving electronic systems. Every compromised authentication system becomes a potential funding stream for hostile actors. The transformation from cybercrime to nation state tools – as many writers and pundits have been covering for years – has happened under the noses of those not paying attention.

I’ve been singing the same song for a lot of years. But, here’s what makes 2025 different: we’re not playing for table stakes anymore. These aren’t dumpster divers we’re defending against. The scams will continue, and they’re now on a pace and scale we’ve never experienced before.

One prediction I know that I can make with absolute certainty? If we don’t fundamentally change our approach, it’s going to get worse. And that’s not fear-mongering – that’s reality based on decades of watching the same patterns repeat with increasingly devastating consequences.

The question for 2025 isn’t whether we’ll see more breaches – we will. The question is whether we’ll finally do something about it.

Read more
29 Jan
6 Min read

2024 Security Industry Predictions: Consolidation, ROI, and the AI Hype Train

January 29, 2024 Phil Dunkelberger Cybersecurity, Opinion 0 comments

2024 Security Industry Predictions: Consolidation, ROI, and the AI Hype Train

By Phil Dunkelberger

Why is the security industry still thriving, why do we have so many claiming to be the ultimate protector of your precious data? Maybe there is a reason why malware seems to be multiplying. In January 2020, just before the pandemic I was a guest speaker at CES, I talked about how in 2019 just over 8 billion devices connected to the internet. As of the end of 2023 that number has almost doubled to 15 billion devices. That is people and things connecting and accessing data – all of which need to be authenticated and protected. This is why phishing, malware and other bad actors make the security industry so necessary and important.

So, as we lean in into 2024, it’s time to see what might be in store for this ever-evolving realm of digital defense. Spoiler alert: it’s a mixed bag of consolidation, ROI pressure, AI hype, and regulatory crackdowns. While you may be looking for the silver bullet, there is no cure for constant vigilance training and awareness of security issues.

1. Further Consolidation? Groundbreaking!

We can’t avoid it, it is almost a constant now in our industry – consolidation. It’s like a never-ending game of cybersecurity Tetris, where the bigger players gobble up the smaller ones, and we all pretend to be surprised. What’s next? Well, expect even more consolidation (remember Symantec or McAfee), especially among companies dabbling in machine learning, AI, and encryption. First quarter of 2023 alone there were 10 announced consolidations! But what started out looking like a lot of activity, overall 2023 was actually a slow year for M&A in the security industry. 

You see, there are so many of them out there, all claiming to be the superheroes of security. But here’s the rub: they often have overlapping technologies, creating a cacophony of confusion for customers. So, it’s survival of the fittest, and the biggest fish in the cyber-pond will swallow up the minnows. Just remember, when your favorite cybersecurity startup disappears, it’s probably because they got gobbled up by a larger fish. Bon appétit!

2. ROI: Prove It or Move It

So when the M&A market is slow, as a company you need to focus more on proving ROI so you can garner customers – the pressure is on. Gone are the days when a snazzy logo and some jargon-filled marketing materials were enough to convince businesses to part with their precious dollars for cybersecurity solutions. In 2024, the name of the game is “Show me the money!” or more accurately, “Show me the ROI!”

It’s not enough for companies to claim they can save you from cyber-calamities; they’ll need to demonstrate real-world results. No more smoke and mirrors, folks. Cybersecurity providers will be under intense pressure to prove the effectiveness of their solutions. Fancy algorithms and buzzwords won’t cut it anymore. If they can’t show how they’re actually preventing breaches or mitigating threats, they might as well pack up their snake oil and hit the road.

There will also be the need to demonstrate ROI across more teams within your overall organization. Gone is the day that the CISO alone can make the decision. With so many projects in motion with companies and security needing to integrate into almost every application – the “Prove it and Show me” tour internally is a longer road.

3. AI and Machine Learning: Hype and Reality in a Three Sided Coin?

AI and machine learning, the darling buzzwords of the tech world. Every cybersecurity company wants you to believe that they’ve trained an army of sentient robots ready to defend your data. But hold your cyber-horses, because in 2024, the AI hype train might just run out of steam.

Sure, AI and ML have their place in cybersecurity, but they’re not the magical panaceas some claim them to be. Their effectiveness needs to be proven in real-world scenarios, not just in glossy brochures. So, while companies will continue to ride the AI wave, users should keep their skepticism shields up. After all, no algorithm can replace good old-fashioned human vigilance and common sense when it comes to staying secure.

Be forewarned – AI is a three sided coin. There absolutely is benefit in AI that both the attacker and defender need to learn how to take advantage of – but it is the one who learns best to take advantage of the “edge” – finds the margin – that will win using AI in the security world. 

4. Regulatory and Privacy Demands: Brace for Impact

Now, here’s the sobering part of our prediction party – on a global and regional basis. Brace yourselves for more regulatory and privacy demands in the cybersecurity landscape worldwide. Meeting regulatory requirements is no longer a broad checkbox item, it is regionally and vertically critical that security vendors address the regulations. As if navigating the labyrinth of cybersecurity compliance wasn’t already fun enough, we can expect even more rigorous standards and potentially more severe consequences for companies that fall short.

This too is not unlike the consolidation shifts we see every so often – this is a pendulum swing that follows the pace of new technology. We see AI burst onto the scene along comes regulation, some might call it a knee-jerk reaction but when you are dealing with personal identifiable information (PII) or corporate information – intellectual property (IP) – the road is complex. We have some examples that have helped along the way like PSD2, the FIDO standard and the recent introduction of passkeys. But there is a long way to go. Just as seatbelts (or airbags) didn’t stop people from being injured in car accidents.

With cyber-threats becoming more sophisticated and data breaches making headlines, governments and regulators need to be on top of the latest new technologies.. They want to ensure that companies take data protection seriously. So, don’t be surprised if you find yourself buried in a mountain of compliance paperwork and facing hefty fines for non-compliance. It’s the price we pay for playing in the digital sandbox, folks.

The security industry in 2024 promises to be a whirlwind of further consolidation, ROI scrutiny, AI skepticism, and regulatory headaches. As businesses and individuals rely more than ever on digital platforms, the pressure on the cybersecurity industry to deliver real, measurable results is mounting. While there may be challenges ahead, it’s all in the name of keeping our digital world safe. So, stay vigilant, demand proof, and keep your cybersecurity wits about you in this brave new era of digital defense.

Read more
31 Oct
4 Min read

Top 6 Considerations to Build vs. Buy FIDO-based Passkeys

October 31, 2023 Nok Nok News Cybersecurity 0 comments

Here we are at the end of Cybersecurity Awareness Month, and you’ve heard  vendors declare how their solutions can help make you and your enterprise safe. There is a lot to consider and maybe you are thinking you can solve the problem on your own – and go the  “build vs. buy” route. Let’s look at the considerations when it comes to adopting the cutting-edge FIDO-based passkeys as the decision carries considerable weight and potential consequences.

When organizations contemplate the implementation of passkeys as an alternative to traditional passwords, they often start by focusing on the Minimum Viable Product (MVP). However, the real challenge lies beyond the MVP—the unknowns that come with version 1.1 and beyond. The technology landscape is constantly evolving, demanding adaptability and scalability. This is when the decision between starting from scratch and leveraging experienced vendors becomes critical.

Here are 6 considerations for your decision-making process:

1. Completeness: Beyond the Minimum Viable Product

Building a passkey solution from scratch may seem like an attractive proposition, especially for the sake of cost-effectiveness and fitting into existing infrastructure. However, it’s crucial to consider the road beyond the Minimum Viable Product (MVP). Rapid technological advancements necessitate staying up-to-date and future-ready. Vendors with experience in passwordless authentication solutions not only offer  much more than a MVP but also pave the way for future expansions and improvements, helping organizations avoid technological dead-ends.

2. Support for Diverse Environments: Native Apps, Web Apps, Devices, and Regulatory Requirements

The ability of passkeys to seamlessly integrate across diverse environments is a fundamental requirement. Most established vendors excel in providing such integration, saving organizations time and resources. In contrast, building this integration in-house can be time-consuming and expensive, especially when compliance requirements need to be addressed. Dedicated passwordless authentication vendors bring years of experience, ensuring compatibility across a wide range of devices and regulatory environments.

3. Seamless Integration and Backend Infrastructure Support

The tech landscape is no longer homogeneous. Maintaining compatibility across various hardware and software versions can be a significant challenge when building in-house. Dedicated vendors can simplify this process by integrating seamlessly with an organization’s existing backend infrastructure, including cloud Hardware Security Modules (HSMs) and Secret Stores. This integration capability minimizes extensive code changes.

4. Maintenance Challenges: Keeping Pace with Specifications

Staying abreast of evolving FIDO and WebAuthn specifications is crucial for passkey solutions. Organizations often underestimate the effort and resources required for ongoing maintenance when building in-house. Partnering with experienced authentication vendors ensures that passkey features remain up-to-date, reducing maintenance burdens and allowing organizations to stay focused on their core objectives.

5. Reducing Development Risks and Project Failures

Homegrown development carries inherent unknown unknowns, particularly when implementing a paradigm like passkeys for the first time. Organizations may overlook critical factors or encounter unexpected challenges, resulting in higher costs, delays, or compromises on user experience. Partnering with an established passwordless authentication provider mitigates these risks by leveraging their extensive experience and lessons learned from successful passkey deployments.

6. Capitalizing on Investment and Experience

While building a passkey solution independently may seem appealing from a cost perspective, it often fails to account for hidden expenses and missed opportunities. Unknown unknowns can be costly both in terms of time and money. Leveraging a vendor like Nok Nok, with expertise and a wealth of investment in FIDO-based implementations, ensures a smoother fit into existing infrastructure and access to valuable intellectual property.

Conclusion

While building a solution from scratch may appear cost-effective or a better fit for existing infrastructure, it often underestimates the maintenance challenges, development risks, and missed opportunities. By leveraging a traditional passwordless vendor’s comprehensive passkey features, organizations can ensure a complete, scalable, secure, and future-proof implementation, benefiting from the expertise and investment of a trusted industry leader.

Read more
    12

Contact Us

Nok Nok, Inc.
2890 Zanker Rd #203
San Jose, CA 95134

(650) 433-1300

[email protected]

Get Google Maps Directions

Contact and Subscribe

* indicates required

Latest Posts

  • Protecting Critical Healthcare Data Requires Strong Leadership
  • World Password Day: Time to Ditch Passwords for Good?
  • Verizon 2025 DBIR: Credential Attacks Still Dominate – A Nok Nok Perspective
  • Phillip Dunkelberger Recognized as a “Champion in Security” by Portal26 at RSA Conference 2025

Navigation

  • Subscribe
  • Careers
  • Resources
  • Support

Nok Nok Labs, Nok Nok, and NNL are all trademarks of Nok Nok Labs, Inc. © 2025 Nok Nok Labs, Inc.
FIDO is a trademark of the Fast IDentity Online, (FIDO), Alliance. All rights reserved.
Terms Of Use and Privacy Policy

 

Demo
Free Trial
Videos
Contact Us
Support

Contact Us: (650) 433-1300 • [email protected]

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}

Please complete this form to view and download this resource.

Submit to Download Forms

* indicates required

[mc4wp_form id=”18773″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18790″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18789″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18788″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18787″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18786″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18785″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18784″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18783″]

MUFG-800×600

“Transactions using mobile devices are rapidly spreading and it is essential to support both usability and security. By combining Hitachi’s abundant system development capabilities and know-how in the financial system and security related fields, and Nok Nok’s globally deployed and proven FIDO certified products, we achieved this compatibility, which led to this adoption.”

– Mr. Nobuo Nagaarashi, General Manager, Financial Information Systems 1st Division, Hitachi, Ltd.

 

The M in MUFG stands for Mitsubishi, which is a combination of the words mitsu and hishi. Mitsu means three. Hishi means water chestnut, and the word denotes a rhombus or diamond shape.  In partnership with Hitachi, MUFG has enabled passwordless authentication solutions across many of the bank’s apps and services.

Coverage In The Paypers
Coverage In Finextra
intuit

“As an early adopter of FIDO, we’ve seen significant business benefits and are completely on board with continuing to leverage the latest FIDO innovations with our partner, Nok Nok.”

– Rakan Khalid, Group Product Manager, Identity.

 

Intuit has delivered passwordless authentication across mobile applications and devices using Nok Nok’s S3 Suite. The results have reduced customer friction in their Intuit application experience.

Read The Nok Nok Intuit Case Study
Watch the FIDO Alliance Webinar: The Right Mix
Watch Marcio Mello discuss Intuit’s Nok Nok implementation at Identiverse 2019:
docomo-800×600

“DOCOMO is a worldwide innovator in providing its millions of customers with simple and strong authentication backed by a standards-based approach.”

– Phillip Dunkelberger, President & CEO of Nok Nok Labs.

 

As one of Nok Nok’s earliest customers, NTT DOCOMO became the first carrier to offer a billing system that is enabled by FIDO, the first to offer a federated Identity system integrated FIDO, and was the first to offer a mobile device that authenticates via the iris biometric modality.

Coverage In Find Biometrics
Coverage In Telecompaper
bbva-800×600-2

“Traditionally, one of the biggest challenges of authentication systems has been to balance security with user experience. Due to the FIDO standard, we are confident that both elements work together seamlessly to provide customers with the highest security standards, along with a transparent and agile user experience.”

– Juan Francisco Losa, Global Technology & Information Security Officer.

Nok Nok partnered with banking leader, BBVA to improve the security and user experience of the bank’s mobile banking services through state-of-the-art biometric capabilities.

Coverage In American Banker
Coverage In Planet Biometrics
Softbank-800×600-1

“We can no longer rely on passwords for our financial or other sensitive transactions as they are weak, forgotten and easily hacked. We are very pleased with SoftBank’s decision to choose our standards-based authentication platform for their millions of customers.”

– Phillip Dunkelberger, President & CEO of Nok Nok Labs.

 

Millions of SoftBank’s mobile subscribers now have the ability to use biometrics for authentication through the mobile application “My SoftBank Plus”. With this implementation, SoftBank’s mobile users access data with the My SoftBank service using biometrics for a frictionless, simple and fast authentication experience.

Coverage In Mobile ID World
Coverage In Planet Biometrics
Coverage In The Paypers
Aflac-Japan-800×600-1

“Aflac is the first Japanese insurance provider to deploy a FIDO-certified solution, and we would like to continue collaborating with Nok Nok Labs to introduce it to banks, insurance industry and other industries.”

– Michihiko Ejiri, VP, Head of Portal Service Division, Service Technology Unit, Fujitsu Limited.

With the Nok Nok S3 Suite, Fujitsu has provided Aflac customers with strong authentication to their mobile claims payment application using any biometrics on their iOS and Android devices. The solution also provides Aflac and their customers with a scalable method to authenticate users that is interoperable with their existing security environments and reduces or eliminates the reliance on usernames and passwords.

Coverage In Find Biometrics
Coverage In Find Authority
lichtenstein-800×600-1

“For our customers, we only use the most secure products on the market that meet their requirements. Nok Nok perfectly aligns within our product portfolio and we are proud of the very trusted partnership.”

– Lukas Praml, CEO of YOUNIQX.

 

YOUNIQX Identity AG, the award-winning subsidiary of the Austrian State Printing House (OeSD) and Nok Nok partnered to deliver a electronic identity system (eID) for the citizens of the country of Liechtenstein.  This deployment represents the first time that Nok Nok’s FIDO platform has been used to deliver an eID.

FUN FACT
As of 2009 Liechtenstein’s per capita income was $139,100, the highest of any country in the world.

Learn How FIDO Supports EIDAS Regulation
Coverage In Mobile ID World
Coverage In The Paypers
Coverage In Biometric Update
Gallagher-800×600-1

“Nok Nok’s state-of-the-art, standards-based platform will deliver a tremendous user experience,”

– Steve Bell, Chief Technology Officer at Gallagher

When a horse called Joe took too much of a liking to using a car as a scratching post, owner Bill Gallagher Sr. devised a cunning electrical circuit that delivered a shock whenever the horse rocked the vehicle, and in doing so created a company.  Today, with passwordless authentication from Nok Nok, Gallagher is leading the IoT industry with innovative solutions that work in your office and in the outback.

Coverage In Biometric Update
Coverage In Mobile ID World
Coverage In Planet Biometrics
tmobile-800×600-1

“Our Forgot Password flows were running at about 65%. After we rolled out FIDO by Nok Nok, our forgot passwords dropped to 7%.”

Michael Engan, T-Mobile

 

Using the Nok Nok S3 Suite, T-Mobile has become a leader in carrier adoption of passwordless authentication. Their solutions have reduced forgotten passwords and dramatically improved customer satisfaction.

Watch Michael Engan from T-Mobile talk about their implementation of Nok Nok’s S3 Authentication Suite at Identiverse 2019.

  • 日本語