Security News

The FIDO Alliance said it's working to make passkeys and other credentials more easier to export across different providers and improve credential provider interoperability, as more than 12...

The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers. [...]

A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm...

In this Help Net Security video, Jason Kent, Director at Open Seas, explains why FIDO and passwordless authentication is the future. He dives deep into the technical reasons and explains why physical FIDO authentication is safer than other software/app/SMS solutions.

Today, Microsoft, Apple, and Google announced plans to support a common passwordless sign-in standard developed by the World Wide Web Consortium and the FIDO Alliance. "These multi-device FIDO credentials, sometimes referred to as passkeys, represent a monumental step toward a world without passwords," added Microsoft Identity Division Vice President Alex Simons.

At the heart of the matter: proposed WebAuthn changes that will smooth the traditional security-versus-usability trade-off that users face when considering FIDO. While FIDO can deliver better security, users have hoops to jump through, FIDO said, including the need to adopt a security key - for example, the fobs sold by Yubico - as an authentication device. Nearly a decade ago, FIDO made it its mission to fight stale, plaintext passwords and create a new, interoperable system of authentication technologies.

The FIDO Alliance has been trying to eliminate passwords since its inception in 2012. FIDO has a long history of authentication innovation, being responsible for the USB hardware keys that were everywhere for a while, as well as being part of the team that published the WebAuthn security specification.

LoginID announced additional SDK options for developers. These SDKs empower developers to integrate FIDO strong authentication into their websites or apps.

The FIDO Alliance, which operates with no smaller mission than to "Reduce the world's over-reliance on passwords", has announced the release of new user experience guidelines aimed at bringing the more technophobic on board. Launched back in 2013 as the Fast Identity Online Alliance, the FIDO Alliance aims to do away with passwords altogether through the introduction of standards-compliant "Authenticators" including USB security dongles, fingerprint readers, Trusted Platform Modules and more.

The FIDO Alliance announced its first user experience guidelines and new FIDO2 standards enhancements aimed at accelerating the world's move beyond passwords. The FIDO UX guidelines provide that path, allowing service providers to help consumers understand, adopt and benefit from logging in with FIDO. At the same time, the increase in remote work and subsequent increase in phishing attacks on their infrastructure is accelerating enterprises' digital transformation plans and making strong authentication a priority.