ロルフ・リンデマン博士とFIDOアライアンスは、2024年7月15日午後1時25分から1時45分まで、ミュンヘンでパスキーに関する包括的なセミナーを開催します。このセミナーでは、パスワードレス技術の現状、パスキーの仕組み、メリット、ケーススタディに関する詳細なディスカッション、自動車や決済のユースケースを含む各分野における実践的な実装戦略や留意点について解説します。
参加者はまた、オープンな質疑応答やネットワーキングを通じて、現在FIDO技術を導入している人々と直接交流する機会もあり、さらに、デモを見たり、パスキーの導入を前進させるのに役立つ専門家に会う機会もある。
FIDOアライアンスが大阪で開催する1日セミナーに参加し、パスキーについて包括的に掘り下げます。このセミナーでは、パスワードレス技術の現状、パスキーの仕組み、メリット、実践的な実装戦略と考慮点、規制上の考慮点、ケーススタディについて深く掘り下げます。参加者はまた、オープンな質疑応答やネットワーキングを通じて、現在FIDO技術を導入している人々と直接交流し、自身のパスキー導入を前進させる方法について直接洞察を得る機会もあります。この分野の経験豊富なプロフェッショナルであれ、パスワードレス技術の可能性に興味を持つ新参者であれ、このセミナーは有益で魅力的な体験となることをお約束します。
2024年における認証の現状:過去のパスワードから見る世界の進歩
5月8日(水)午後1時15分から5時15分まで、サンフランシスコのモスコーニセンターにて、FIDOアライアンスとその業界関係者とともに、より良いセキュリティとユーザー体験のためのパスワードレス技術への世界的な動きの最新動向について理解を深めましょう。このセミナーの参加者は、FIDOとパスキーの最新情報を知り、パスワードレスでのサインインを提供している企業のケーススタディと達成されたメリットを理解し、自社の実装のためのベストプラクティスを知ることができます。
10月15日(火)午後1時30分~1時55分、カリフォルニア州カールスバッドで開催されるAuthenticate 2024で、Nok NokのRolf Lindemannが「Guarding the Gate: Strategies for High Security with Passkeys」を発表します。
New technologies, especially those that are transformational, get scrutinized – that’s normal. The benefits need to be carefully understood along with any potential drawbacks. The danger to progress however, results from an imbalance in focus … when we place too much emphasis on “edge cases” at the sacrifice of all the benefits.
We miss the forest for the trees.
Passkeys are a perfect example. Passkeys (aka passwordless FIDO credentials) are transformational as an authentication approach. They are phishing-resistant, easy to use, and future proof (open standard supported by the ecosystem). While they are still new to most users, passkeys will quickly become the preferred method of authentication in the same way most users happily adopted Touch ID and Face ID when offered for app sign-in.
Simply put, passkeys are more secure and more convenient than passwords and one-time passwords (OTP):
Although passkeys are vastly more secure and greatly improve the user experience, the attention seems to be focused on the “edge cases” that make them not “perfect”.
Understanding risk is important, but not at the expense of gain.
Imagine all the doors and windows in your house with flimsy padlocks that can be easily snapped off with one kick. You have the opportunity to replace them with a high-security deadbolt system that is resistant to being kicked in. However there is one very tiny window on your 3rd floor that would require a 30 ft ladder and gymnastics across your roof for a thief to reach, but it cannot leverage the new lock system. Since you can’t secure that one window, you decide not to secure any of them.
That’s missing the forest for the trees.
The bottom line is even if you change nothing else, you are greatly reducing your attack surface by implementing passkeys to replace passwords wherever possible. For regulated markets that typically require MFA with strong device binding, you can combine device-bound passkeys with synced passkeys, creating a “trust anchor” to deal with the 3rd floor window.
Nok Nok has all the capabilities and expertise to help you on your journey through the enchanted forest.
In the world of cybersecurity, the federal government sets some of the most stringent requirements for its suppliers. It’s a landscape where only the best can thrive, and Nok Nok, a pioneer in Fast IDentity Online (FIDO) authentication solutions, has emerged as an important supplier. The company recently achieved the coveted Federal Risk and Authorization Management Program (FedRAMP) High authorization through its partnership with UberEther’s IAM Advantage. This achievement follows its DoD Impact Level 5 (IL5) achieved in 2022 and marks a significant milestone in delivering top-notch cybersecurity to federal agencies, partners, and citizens.
Here are the key takeaways from this latest achievement:
1. Federal Government’s Uncompromising Cybersecurity Standards
The federal government has long been known for its uncompromising cybersecurity standards. In response to the 2021 White House Cybersecurity Executive Order and the subsequent call from US Government CISO Jen Easterly for advanced Multi-Factor Authentication (MFA) based on FIDO standards, the demand for cutting-edge cybersecurity capabilities has never been higher. The government is leading the way in adopting the best of breed cybersecurity measures, making it crucial for suppliers to meet these advanced cybersecurity requirements.
2. Nok Nok’s Unique Position: FIDO and More
Nok Nok’s unique position as one of the original creators of FIDO standards sets it apart. The partnership with UberEther has enabled Nok Nok to provide federal agencies with phishing-resistant MFA that not only meets DoD Impact Level 5 (IL5) and FedRAMP High certifications but also complies with the Federal Information Processing Standards (FIPS) and National Institute of Standards and Technology (NIST) standards. This combination of expertise and collaboration empowers federal agencies to meet the highest levels of security and regulatory requirements seamlessly.
3. Streamlining Phishing-Resistant Authentication
Nok Nok’s MFA solution offers an effortless and convenient alternative to traditional Personal Identity Verification (PIV) and Common Access Card (CAC) methods. Leveraging the public key cryptography capabilities of modern endpoint devices such as smartphones and PCs as well as security keys, the solution eliminates the need for additional drivers, middleware, or browser plugins. This approach provides a secure and user-friendly way for employees, contractors, and citizens to access information, all while reducing the vulnerabilities and costs associated with password management.
In Conclusion:
Nok Nok and its partnership with UberEther are at the forefront of delivering advanced cybersecurity solutions to the federal government, setting the gold standard for phishing-resistant MFA. With FedRAMP High authorization, FIPS and NIST compliance, and adherence to FIDO standards, Nok Nok and UberEther are ensuring the highest level of security for federal agency employees, contractors, and citizens. As the digital era continues to evolve, Nok Nok is committed to transcending traditional boundaries and meeting the dynamic cybersecurity needs of our modern society.
Here we are at the end of Cybersecurity Awareness Month, and you’ve heard vendors declare how their solutions can help make you and your enterprise safe. There is a lot to consider and maybe you are thinking you can solve the problem on your own – and go the “build vs. buy” route. Let’s look at the considerations when it comes to adopting the cutting-edge FIDO-based passkeys as the decision carries considerable weight and potential consequences.
When organizations contemplate the implementation of passkeys as an alternative to traditional passwords, they often start by focusing on the Minimum Viable Product (MVP). However, the real challenge lies beyond the MVP—the unknowns that come with version 1.1 and beyond. The technology landscape is constantly evolving, demanding adaptability and scalability. This is when the decision between starting from scratch and leveraging experienced vendors becomes critical.
Here are 6 considerations for your decision-making process:
Building a passkey solution from scratch may seem like an attractive proposition, especially for the sake of cost-effectiveness and fitting into existing infrastructure. However, it’s crucial to consider the road beyond the Minimum Viable Product (MVP). Rapid technological advancements necessitate staying up-to-date and future-ready. Vendors with experience in passwordless authentication solutions not only offer much more than a MVP but also pave the way for future expansions and improvements, helping organizations avoid technological dead-ends.
The ability of passkeys to seamlessly integrate across diverse environments is a fundamental requirement. Most established vendors excel in providing such integration, saving organizations time and resources. In contrast, building this integration in-house can be time-consuming and expensive, especially when compliance requirements need to be addressed. Dedicated passwordless authentication vendors bring years of experience, ensuring compatibility across a wide range of devices and regulatory environments.
The tech landscape is no longer homogeneous. Maintaining compatibility across various hardware and software versions can be a significant challenge when building in-house. Dedicated vendors can simplify this process by integrating seamlessly with an organization’s existing backend infrastructure, including cloud Hardware Security Modules (HSMs) and Secret Stores. This integration capability minimizes extensive code changes.
Staying abreast of evolving FIDO and WebAuthn specifications is crucial for passkey solutions. Organizations often underestimate the effort and resources required for ongoing maintenance when building in-house. Partnering with experienced authentication vendors ensures that passkey features remain up-to-date, reducing maintenance burdens and allowing organizations to stay focused on their core objectives.
Homegrown development carries inherent unknown unknowns, particularly when implementing a paradigm like passkeys for the first time. Organizations may overlook critical factors or encounter unexpected challenges, resulting in higher costs, delays, or compromises on user experience. Partnering with an established passwordless authentication provider mitigates these risks by leveraging their extensive experience and lessons learned from successful passkey deployments.
While building a passkey solution independently may seem appealing from a cost perspective, it often fails to account for hidden expenses and missed opportunities. Unknown unknowns can be costly both in terms of time and money. Leveraging a vendor like Nok Nok, with expertise and a wealth of investment in FIDO-based implementations, ensures a smoother fit into existing infrastructure and access to valuable intellectual property.
Conclusion
While building a solution from scratch may appear cost-effective or a better fit for existing infrastructure, it often underestimates the maintenance challenges, development risks, and missed opportunities. By leveraging a traditional passwordless vendor’s comprehensive passkey features, organizations can ensure a complete, scalable, secure, and future-proof implementation, benefiting from the expertise and investment of a trusted industry leader.
Last week, Nok Nok attended Authenticate 2023, the industry’s only conference dedicated to all aspects of user authentication, with a focus on FIDO. According to a poll, over half of the attendees were new to FIDO, highlighting the growing interest. It was incredible to see how far the industry has come. When the FIDO Alliance was first founded 11 years ago by Nok Nok and 5 other visionary co-founders, passwordless authentication was just a bold theoretical idea. This, however, marked the start of an industry movement to passwordless authentication. With over 600 attendees representing major platforms, vendors, and industries, Authenticate 2023 demonstrated the tremendous momentum and excitement building around passkeys.
Leading up to the conference, Google and Apple made big announcements concerning passkeys. All users signing in to Google accounts will be prompted to create and use passkeys instead of passwords. Similarly, Apple announced their plans to automatically assign a passkey to a user’s Apple ID when it launches iOS 17, iPadOS 17 and macOS Sonoma.
These major industry roll outs signal that passkeys are ready for mainstream adoption everywhere we currently use passwords. There were many sessions on passkey success stories, with practical advice on real-world implementation and deployment considerations.
One key focus at Authenticate 2023 was the importance of optimizing the user experience for passkeys. There were many informative sessions covering how to refine the passkey authentication experience for users. Speakers shared user experience (UX) design principles to keep in mind, accessibility considerations for inclusive authentication, and ideas for balancing strong security with usability in passkey flows. The sessions made clear that while technology may enable passwordless authentication, thoughtfully designing the UX is crucial for driving mass adoption.
With passkeys becoming more widely used, the conference examined deployment challenges, best practices, and lessons learned for a wide range of workforce and consumer-facing use cases. These included fintech (Intuit), media, e-commerce, travel, and gaming. The sessions provided key takeaways for organizations implementing FIDO-based authentication including Nok Nok’s session by Dr. Rolf Lindemann on Strategies for Using Passkeys in Regulated Markets.
Several sessions dove into adoption of FIDO standards and passkeys by government agencies. There was recognition that while Personal Identity Verification (PIV) cards are vital for government use cases, FIDO has an important role to play in addressing gaps where PIV cards are not viable. These insights highlighted the complementary value and growing role passkeys are playing in public sector digital transformation. For more information, see the recently published FIDO Alliance Guidance for the US Government.
From major platform announcements to real-world deployment lessons learned, Authenticate 2023 showcased the enormous progress and potential of passwordless FIDO-based authentication. As passkeys and FIDO standards continue to gain momentum, the conference provides valuable insights for any organization implementing modern authentication.
Last month, Nok Nok Labs attended the White House Multifactor Authentication (MFA) Modernization Symposium. This event brought together government and industry leaders to discuss how to achieve full adoption of MFA across federal agencies, as called for in the Executive Order on Improving the Nation’s Cybersecurity.
Many government agencies currently rely on Personal Identity Verification (PIV) and Common Access (CAC) cards for employee authentication. However, these smart cards are not always convenient for remote access and everyday use. Connecting to a separate card reader can negatively impact user experience. As Deputy National Security Advisor Anne Neuberger noted, government policies should not create barriers to MFA adoption.
There was broad consensus among participants at the symposium that to fully implement MFA, the government needs to move beyond legacy technologies and embrace advanced standards like passkeys. Passkeys are a modern type of credential that can help government agencies finally achieve comprehensive MFA deployment. With passkeys, users authenticate using a cryptographic key pair stored on their device, rather than typing in a password, providing phishing-resistant security without the usability drawbacks of traditional second factors. Passkeys are already supported across major platforms and browsers and can be bound to a single device or synced across multiple devices, making them a practical path to securing access for employees, contractors, and citizens across all applications and environments.
It is clear that the transition to full MFA adoption will take thoughtful planning and cannot happen overnight. With over a decade of experience in authentication and as a founding member of the FIDO Alliance, Nok Nok Labs is well prepared to assist agencies throughout this process of transitioning to full MFA adoption. We understand the unique needs of the government and have solutions to deliver robust security and usability at scale.
While modernizing authentication is no small task, the White House symposium reiterated that it must be a priority if we are to defend our digital infrastructure in today’s threat environment. Public-private collaboration will be key to overcoming roadblocks on the path ahead. Nok Nok Labs looks forward to continuing to work with our partners across government as we chart the course to a passwordless future and a more secure online experience.
Authenticate 2022、ファイドー会議。登録が開始され、#Authenticate2022のアジェンダが公開されました!ADP、@Citi、@Google、@Microsoft、@Targetなどのセッションがあります。アジェンダをチェックし 登録はこちらから.
「モバイル端末を利用した取引は急速に普及しており、利便性とセキュリティの両立が不可欠です。日立の金融システムやセキュリティ関連分野における豊富なシステム開発力とノウハウ、そしてグローバルに展開し、実績のあるNok Nok LabsのFIDO認証製品を組み合わせることで、その両立を実現し、今回の採用に至りました。」
– Nobuo Nagaarashi, General Manager, Financial Information Systems 1st Division, Hitachi, Ltd.
MUFGのMはMitsubishiの略で、mitsuとhishiを組み合わせた造語である。ミツは3。菱は菱の実を意味し、ひし形や菱形を表す言葉である。 日立とのパートナーシップにより、MUFGは銀行の多くのアプリやサービスにおいてパスワードレス認証ソリューションを実現している。
「FIDOのアーリーアダプターとして、私たちは大きなビジネス効果を実感しており、パートナーであるNok Nokとともに最新のFIDOイノベーションを活用し続けることに完全に賛同しています。
– Rakan Khalid, Group Product Manager, Identity.
IntuitはNok NokのS3 Suiteを利用して、モバイル・アプリケーションとデバイスにパスワードレス認証を導入しました。その結果、顧客のIntuitアプリケーション体験における摩擦が軽減されました。
「ドコモは、標準ベースのアプローチに裏打ちされたシンプルで強力な認証を数百万人の顧客に提供する世界的なイノベーターである。
– Phillip Dunkelberger, President & CEO of Nok Nok Labs.
Nok Nokの初期の顧客の1社であるNTTドコモは、FIDOを利用した課金システムを提供した最初の通信事業者であり、FIDOを統合した統合IDシステムを提供した最初の通信事業者であり、虹彩生体認証を利用したモバイルデバイスを提供した最初の通信事業者です。
「従来、認証システムの最大の課題のひとつは、セキュリティとユーザー体験のバランスをとることでした。FIDO標準のおかげで、両要素がシームレスに連携し、透明性のある迅速なユーザー体験とともに、最高水準のセキュリティを顧客に提供できると確信しています。」
– Juan Francisco Losa, Global Technology & Information Security Officer.
Nok Nokは銀行業界のリーダーであるBBVAと提携し、最先端の生体認証機能を通じて同行のモバイル・バンキング・サービスのセキュリティとユーザー体験を向上させました。
「パスワードは弱く、忘れられやすく、ハッキングされやすいからです。ソフトバンクが数百万人の顧客のために当社の標準ベースの認証プラットフォームを選択したことを非常に喜ばしく思っています。"
– Phillip Dunkelberger, President & CEO of Nok Nok Labs.
ソフトバンクの携帯電話契約者数百万人が、モバイルアプリケーション「My SoftBank Plus」を通じて生体認証を利用できるようになりました。この実装により、ソフトバンクの携帯電話ユーザーは、生体認証を使用してMy SoftBankサービスのデータにアクセスし、摩擦のないシンプルで迅速な認証体験を実現します。
「アフラックは日本の保険会社として初めてFIDO認定ソリューションを導入しました。今後もNok Nok Labsと連携し、銀行や保険業界、その他の業界への導入を進めていきたいと考えています。」
– Michihiko Ejiri, VP, Head of Portal Service Division, Service Technology Unit, Fujitsu Limited.
Nok Nok S3 Suiteにより、富士通はアフラックの顧客に対し、iOSおよびAndroidデバイス上であらゆる生体認証を使用したモバイル保険金支払いアプリケーションにおいての強力な認証を提供しました。このソリューションはまた、アフラックとその顧客に対し、既存のセキュリティ環境と相互運用可能で、ユーザー名とパスワードへの依存を軽減または排除する拡張性のあるユーザー認証方法を提供します。
「私たちのお客様には、その要件を満たす市場で最も安全な製品のみを使用しています。Nok Nok Labsは当社の製品ポートフォリオにぴったり合致しており、非常に信頼できるパートナーシップであると自負しています。」
– Lukas Praml, CEO of YOUNIQX.
オーストリア国立印刷局(OeSD)の子会社で数々の賞を受賞しているYOUNIQX Identity AGとNok Nokは、リヒテンシュタイン国民のための電子IDシステム(eID)を提供するために提携しました。 この導入は、Nok NokのFIDOプラットフォームが電子IDの提供に初めて使用されたことを意味します。
ファン・ファクト
2009年現在、リヒテンシュタインの国民一人当たりの所得は139,100ドルで、世界のどの国よりも高い。
「Nok Nokの最先端の標準ベースのプラットフォームは、素晴らしいユーザー体験を提供します。
Steve Bell, Chief Technology Officer at Gallagher
When a horse called Joe took too much of a liking to using a car as a scratching post, owner Bill Gallagher Sr. devised a cunning electrical circuit that delivered a shock whenever the horse rocked the vehicle, and in doing so created a company. Today, with passwordless authentication from Nok Nok, Gallagher is leading the IoT industry with innovative solutions that work in your office and in the outback.
「過去のパスワード忘れは約65%でした。Nok Nok LabsのFIDOソリューションを導入した後、パスワード忘れは7%に減少しました。」
Michael Engan, T-Mobile
Nok Nok S3 Suiteを使用することで、T-Mobileはキャリアにおけるパスワードレス認証導入のリーダー的存在となりました。T-Mobileのソリューションはパスワード忘れを減らし、顧客満足度を劇的に向上させました。
T-MobileのMichael EnganがIdentiverse 2019でNok NokのS3 Authentication Suiteの導入について語ります。