Platform or roaming FIDO2 authenticators: Which one is right for your workforce?
2021-07-05 05:00

In FIDO2 multi-factor authentication, platform authenticators aim to be the answer to our usability woes, but do they improve the user experience, and are they enterprise-ready? In this article, we'll dive into the world of FIDO2 authenticators, the problems that still exist, and how these create major roadblocks to wide enterprise adoption of FIDO2.

FIDO2 improves on U2F in many ways, but arguably the most important is the introduction of the platform authenticator, which aims to solve the usability problems.

A platform authenticator is a software "Virtual Security Key" built on top of a platform that has access to an embedded secure crypto-coprocessor.

One fundamental problem with platform authenticators is that keys are not portable.

How do I securely authenticate with FIDO2 on my iPhone if my only FIDO2 credential is a platform authenticator on my MacBook? The reality is that this forces websites to support other forms of authentication, which opens the user up to a phishing attack by way of factor downgrade.
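The portability gap and downgrade path described above can be checked per account. The following is an added example, not code from the article: the account data model, field names and the list of fallback methods are assumptions, while the `authenticatorAttachment` and transport values are the ones WebAuthn defines.

```javascript
// Added example: audits enrolled methods for the factor-downgrade exposure described above.
// The account shape (fido2Credentials, otherMethods) is hypothetical.
// WebAuthn transport hint "internal" marks a platform authenticator; these mark roaming keys.
const ROAMING_TRANSPORTS = new Set(["usb", "nfc", "ble"]);
// Fallback methods a phishing page can relay (assumed list, for illustration).
const PHISHABLE_METHODS = new Set(["password", "sms_otp", "totp", "email_link"]);

function classifyCredential(cred) {
  // authenticatorAttachment is "platform" or "cross-platform" in WebAuthn.
  if (cred.attachment === "platform") return "platform";
  if (cred.attachment === "cross-platform") return "roaming";
  // Fall back to transport hints when the attachment was not stored at registration.
  const t = cred.transports || [];
  if (t.some((x) => ROAMING_TRANSPORTS.has(x))) return "roaming";
  return t.includes("internal") ? "platform" : "unknown";
}

function assessAccount(account) {
  const kinds = account.fido2Credentials.map(classifyCredential);
  const roaming = kinds.filter((k) => k === "roaming").length;
  const platform = kinds.filter((k) => k === "platform").length;
  const fallbacks = account.otherMethods.filter((m) => PHISHABLE_METHODS.has(m));
  const findings = [];
  // Only device-bound keys: a second device cannot authenticate with FIDO2.
  if (roaming === 0 && platform > 0) findings.push("no-portable-credential");
  // Any relayable fallback lets a phishing page steer the user away from FIDO2.
  if (fallbacks.length > 0) findings.push("downgrade-path:" + fallbacks.join(","));
  if (roaming + platform === 0) findings.push("no-fido2");
  return { user: account.user, roaming, platform, findings };
}

// Constructed sample accounts.
const accounts = [
  { user: "alice",
    fido2Credentials: [{ attachment: "platform", transports: ["internal"] }],
    otherMethods: ["password", "sms_otp"] },
  { user: "bob",
    fido2Credentials: [{ attachment: "cross-platform", transports: ["usb", "nfc"] },
                       { transports: ["internal"] }],
    otherMethods: [] },
];
for (const a of accounts) console.log(JSON.stringify(assessAccount(a)));
```
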

We have these two authenticator technologies: a roaming security key and built-in, software-based, crypto-coprocessor-backed platform authenticators.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/bjpYIngmEII/