If you have been even moderately active with technology and on the internet in the last few years, you probably have a collection of multi-factor methods on your iPhone. Google Authenticator, Microsoft Authenticator, Okta Verify, IBM Verify, or Duo Mobile, just to name a few, may be on your smart phone as the gatekeeper for you to sign into specific applications. Additionally, your SMS history is probably filled with a collection of banking, online shopping and other one-time access codes that allow you to log in to other Internet services. All of this is to say that most people can and do manage many aspects of their lives on their phones; it’s the device they carry with them everywhere and use for everything. It also means that your phone contains much of the personal information that is the key to your identity and your life.
Not only does your phone house much information about you but these applications, online services and multifactor methods require passwords. While having multifactor authentication to enter these services provides a layer of security, passwords are certainly not the most secure method of protecting all of your data. The FIDO Alliance is hoping to change all of that. The Alliance is a cross-industry coalition developing open, interoperable authentication standards that reduce reliance on passwords with authentication that is more secure, private and easier to use. The goal of which is to provide users with a simple way of authenticating you to all of your online services with minimum fuss and maximum privacy.
FIDO, or Fast IDentity Online, encompasses a collection of protocols and specifications that include Universal Any Factor (UAF), Universal 2nd Factor (U2F), and FIDO2. Universal across all of these specifications is a FIDO Security Key, which refers to hardware or software, “authenticators” that allow you to be cryptographically authenticated without having to have a password.
Without delving too deep into the technology, a FIDO security key generates unique cryptographic keys that you can associate with each of the services you want to authenticate to. Because each key is unique, it cannot be traced back to any of your other keys. In addition, your keys cannot be exported from the FIDO security key to be used anywhere else. All FIDO security keys require a test of at least a user presence, which is someone physically touching the device, before it can be used for authentication. This is just one example of protection against malware or anyone other than you using your FIDO security key without your knowledge or consent.
This is not suggesting that all of your password woes will be gone in the future if you adopted FIDO in your life…however, it’s safe to say that FIDO standards are some of the best ways going forward to keep users highly secure, without overly complicating their lives.
In fact, we feel so strongly about this high level of security that Jamf has joined the FIDO Alliance as a sponsoring member!
If you were able to attend JNUC 2019 or have watched the keynote online, you were able to see us demo some of the FIDO-related components for Jamf Connect with plans to incorporate FIDO standards as much as possible. The goal for Jamf, as is the goal with FIDO in general, is to work towards eliminating passwords, making your life easier and more secure.
We hope you'll join us in this journey.
Get started with Jamf Connect
Learn about Jamf Connect