It’s been over two decades since The Bourne Identity, the box office scorcher based on a 1980s fictional character that author Robert Ludlum created—Jason Bourne. Today, it’s sealed as the famed Bourne Series, following four sequels. The first was a telling one etched in thriller buffs’ memories—and it was all about Identity.
Although the last edge-of-the-seat thriller from the Bourne Series was in 2016, the mega question about identity remains even today. And for businesses, it’s all about securing online identity when devices are accessed for work.
What is FIDO (Fast IDentity Online) Authentication?
How can organizations be 100% sure about the identity of a user trying to log in from a device? Conventional user authentication processes involve login credentials where passwords are the mainstay. It worked well for many years.
But with oceans of data in the cloud and penetration of leading-edge technologies into mobile devices, are passwords enough? Don’t forget to throw the venom of cybercriminals in the mix. You got the answer—passwords aren’t enough!
It’s time for organizations to stop being stubborn or digitally dumb. It’s time to embrace a new era—the future of passwords—the passwordless era. This is where FIDO is slated to play a major role. And FIDO is not some flashy new kid on the block—it all began in February 2013 with the coming together of The FIDO Alliance.
FIDO stands for Fast IDentity Online and comprises a set of tech-agnostic specifications to consolidate secure user access and authentication. The sole intention is to develop a robust data/device/endpoint protection mechanism and phase out the glaring dependency on passwords.
The FIDO Alliance consists of notable board members, including Amazon, Google, Apple, Microsoft, Meta, Lenovo, Intel, Qualcomm, Samsung, PayPal, Mastercard, Visa, Thales, and Wells Fargo, to name a few. They also set security specifications and standards for FIDO compliance.
|Did you know that PayPal (in 2007) was the first to introduce multifactor authentication (MFA) via one-time password (OTP), also called a secure key
Though FIDO has a straight connotation on Identity & Access Management (IAM), mobile device management (MDM) also has great significance in the passwordless world of tomorrow in conjunction with FIDO and IAM.
A simple task for you (truth or dare, perhaps). Cross your heart and swear that never in your life have you ever clicked on a “Forgot Password” link. Be honest, please! Let’s contextualize more with a quote from The Bourne Identity—“What a man can’t remember doesn’t exist for him.”
Resetting forgotten passwords is fairly easy and has become a habit for many. We don’t care to remember, and with so much tech and to-dos around our lives, remembering passwords is not a no. 1 priority. Neither is forgetting passwords punishable by any law. Yet, there’s no denying our over-reliance on passwords.
Organizations and their IT and security teams have also been guilty of over-reliant password authentication for user access to devices or data. This over-reliance or dependency on passwords has evident, proven ramifications. As per a Verizon report, stolen or weak passwords caused 82% of data breaches in 2022. That’s a big indication of the need to go passwordless.
Why FIDO Security and How FIDO Authentication Works?
There’re reasons in plenty that make it a compelling objective for organizations to leverage the stellar FIDO security to its fullest, vast potential.
The FIDO authentication process is fast and straightforward.
- Register the device (smartphone, tablet, laptop, etc.) to a FIDO-compliant service
- Get a unique private key for each FIDO-enabled app (backend)
- During every app login attempt, authenticate the private key
The private key is masked via device-based security like biometrics (fingerprint or face recognition) or PIN. In a recent FIDO development, Google now lets users access and authenticate their accounts with private keys (passkeys) instead of passwords. Thus, FIDO takes authenticity and trust a notch higher as users are in absolute control of personal (digital) credentials and identity.
- FIDO uses public key cryptography and MFA to authorize users for app or website access. This eliminates some vicious attack vectors like MITM (Man-in-the-Middle) and phishing.
- FIDO authentication also shields device and data security as the abovementioned private keys are stored on the device, not some server. Therefore, a malicious network or cloud server attack can’t breach these private keys.
- FIDO isolates API-based protocol implementation, reducing developer efforts in generating secure sign-in environments for mobile devices running different hardware and operating systems.
FIDO Authentication Meets MDM
Seamless device management and iron-clad security will continue to be at the forefront of organizations that deploy a mobile device management (MDM) solution. MDM software features have witnessed constant evolution with the widespread device and OS heterogeneity across modern and remote/hybrid workplaces.
The evolution of enterprise mobility leaves a lot of current and future room for the three-way conjunction mentioned at the start—IAM, MDM, and FIDO—all with a common perspective of invoking the passwordless era.
|Read our take on where UEM and IAM will meet in the future.
Passcode Policy and FIDO Security
One of the critical security features of an MDM solution is the ability to set customized passcode policies for managed devices based on user access. This is where there is considerable scope for FIDO integration into passcode policies. FIDO authentication can be enabled for devices that must access apps containing sensitive corporate information or customer data. This will ensure that any user without genuine FIDO authentication for a particular app won’t have the authority to access it.
Geofencing and FIDO U2F
Geofencing is another MDM feature that can offer a lot more through FIDO authentication. FIDO security-enabled geofencing can deny or allow access to devices based on the physical location of users. The UAF (Universal Authentication Framework) and U2F (Universal Second Factor) protocols that FIDO supports make this a possibility.
Here’s how U2F works. The second authentication factor in U2F for authorized access isn’t just some OTP sent to an email or phone number. 4-cm NFC (near-field communication) or USB security token acts as the second factor. This factor blends in with the private key of the FIDO-compliant device to generate a pair key. This pair key is sent to the app backend. The app backend authenticates the pair key to let the associated authorized user access the app.
IT admins can easily set geofence on devices from the MDM dashboard. Users trying to access data-sensitive, FIDO-powered apps from their devices outside this geofence will have to undergo U2F authentication. Thus, without the NFC or USB security token, the sensitive enterprise apps will be impossible to access (no pair key, no access).
Make Jailbreaks Futile with FIDO & U2F
Rooted or jailbroken devices are a grave threat to corporate data security. While current MDM features help prevent OS tampering, the synchronization of MDM, FIDO and U2F can take things to the next level. Any attempt to tarnish the OS of devices can be put to rest using U2F on managed devices that meet FIDO compliance.
Without U2F and the required NFC or USB security token, rooted or jailbroken devices cannot access any network or apps. In short, such devices won’t have any identity.
MDM & FIDO Synergy for the Good
Our identities are elemental to who we are. The same holds true for the devices we use for work. The security mechanisms of data on devices must evolve, and the collaboration between a tech like FIDO and an MDM solution can work wonders for organizations. The future is all about securing user and device identities and data from exploitation.
FIDO and MDM together can defeat identity theft. Present MDM features may not imbibe all that’s discussed above. But it’s on the cards sooner, definitely not later, because there are adequate MFA possibilities already for IT admins using an MDM solution.
Jason Bourne was out on his own in The Bourne Identity to get back his true identity. In the real world, partnerships between The FIDO Alliance and MDM vendors will help organizations eliminate password fixation to bulwark device and user identities. FIDO and MDM can and will be security and privacy game-changers, paving the way for a new passwordless era of online authentication—our true digital identity.
Explore the security booster features of Scalefusion MDM and a true lot more with a 14-day free trial.