The FIDO Standard: March Edition

SC Media: GitHub to roll out 2FA for all contributors starting March 13

GitHub will begin its official rollout of two-factor authentication for developers who contribute code on the platform, starting March 13. GitHub added that it will support SMS text messages as a second factor, while testing FIDO Alliance passkeys internally to improve the security posture. “It is true that SMS 2FA can be easily phished by hackers as it relies on knowledge-based credentials. But GitHub recognizes these risks and strongly recommends using security keys and TOTPS wherever possible for greater security – [and] will continue to offer SMS for 2FA – which is better than removing the option entirely,” said Andrew Shikiar, executive director of the FIDO Alliance. >>Read more

SC Media: What should Musk do to better secure Twitter users after 2FA goes away???

While Twitter CEO Elon Musk has defended the move to ban 2FA for non-subscribers as a way to protect user security, most leaders aren’t buying it. “Just from a purely pragmatic standpoint, this is basically stripping away the lowest threshold of 2FA out there without any sort of viable or easy replacement,” said Andrew Shikiar, executive director of the FIDO Alliance. As Shikiar sees it, Twitter could have told users that they’re removing OTP but educating users on passkeys, which are safer and built into Android and iOS devices. >>Read more

Communications of the ACM: Passkeys unlock a new era for authentication

Until recently, replacing passwords has ranked somewhere between tricky and impossible. Passkeys completely eliminate passwords, and while they won’t end cyberattacks, they represent a far more convenient and secure framework to navigate the digital world. “Legacy frameworks, including some forms of two-factor authentication, depend on a human-readable and shared secret. This makes them highly susceptible to attack and relatively easy to bypass,” explains Andrew Shikiar, executive director of the FIDO Alliance. >>Read more

L'Eclaireur FNAC: How password managers are preparing for a future ... without passwords

Passwordless authentication has the potential to continue to grow in 2023. In any case, the tech giants, Microsoft, Google and Apple in the lead, within the FIDO Alliance, are doing everything to ensure that the adoption happens as soon as possible. To quickly summarize what we had already explained previously, authentication without passwords, or passwordless , has, as its name suggests, the purpose of allowing you to connect to sites and services without passwords. >>Read more

Journal du Net: Digital accessibility: Why CIOs should make it a priority???

In this byline, Andrew Shikiar explains how simple and safe digital accessibility is an essential human right today. >>Read more

Authenticate 2023 Call for Speakers Closes this Friday, April 7!

Are you ready to share your authentication expertise, best practices and case studies? Submit to speak by Friday, April 7 at the only conference dedicated to user authentication – with a focus on FIDO sign-ins with passkeys. Authenticate provides speakers with an opportunity to increase visibility, educate on in-market solutions, and network with the community involved in modern authentication. ?

Authenticate 2023 will be held on October 16-18, 2023?at the Omni La Costa Resort in beautiful Carlsbad, CA, just outside of San Diego. Join us by submitting your presentation topic today!?

Authenticate Virtual Summit: Assets Available!

Thank you for attending our Authenticate Virtual Summit. We hope you gained a better understanding on how to leverage FIDO, passkeys and related technologies for more secure and convenient sign-ins across employee and customer services. Registrants can watch the presentation on-demand by visiting the event platform . Plus, read the blog for a full recap.

Be sure to share the presentation with your colleagues and customers. Plus, learn more about FIDO authentication and passkeys !

*NEW* Case Study! See how Cloudflare embraced FIDO to help improve its own security

Cloudflare is one of the world’s most deployed security and content delivery platforms. Cloudflare’s products include a range of services including web performance, application network, zero trust and developer services.

From OTP to unphishable FIDO authentication

As part of its migration to a zero trust architecture, starting in 2018 Cloudflare began its usage of FIDO based security keys. The goal behind using FIDO2 was to provide strong authentication that would enable Cloudflare’s zero trust model. After many barriers and challenges, Cloudflare made the switch to requiring FIDO security keys across its network.

Read the full Cloudflare case study by visiting the Knowledge Base on our website.

"What is FIDO?" FIDO Authentication is the answer to the world's password problem!

With FIDO Authentication, users sign in with phishing resistant credentials, called passkeys.?Passkeys ?can be synced across devices or bound to a platform or security key and enable password-only logins to be replaced with secure and fast login experiences across websites and apps.

Learn more about FIDO Authentication by visiting our recently updated "What is FIDO?"?landing page .

FIDO Certified Showcase, highlight your company's products and services!

The?FIDO Company Showcase ?highlights FIDO Alliance members and their FIDO Certified solutions. The Showcase is a great resource if companies are looking to deploy FIDO.?

Contact us at?[email protected] , and learn how to highlight your company's?FIDO Certified solutions to be featured on the FIDO Alliance website!