1. What is the benefit of using FIDO2?
Market trend:
“By 2025, more than 25% of MFA transactions using a token will be based on FIDO authentication protocols, up from less than 5% today.” – Gartner, 2022 July, “Innovation Insight for Many Flavors of Authentication Token”.
Superb security:
Phishing-resistant authentication built on asymmetric public-key cryptography; passwordless login avoids the risk of credentials being lost or hacked.
Simpler and safer for end users and IT administrators:
Users do not need to remember a password; they touch a FIDO2 authenticator to log in. FIDO2 is based on open standards and does not require any special infrastructure, making it easy for IT teams to adopt.
Ecosystem readiness:
OS platforms (Windows, Mac, ChromeOS, Linux, iOS, Android), browsers (Chrome, Edge, Safari, Firefox, …), authenticators (roaming key, mobile app, embedded authenticator), and FIDO2-enabled web services (Microsoft, Google, Twitter, Amazon, Salesforce, GitHub, GitLab, Facebook, IAM, …)
FIDO UAF (FIDO1.x) is not FIDO2
UAF only allows a dedicated UAF client and server to communicate with each other, and the client app has to protect the private key by itself (app-level protection only).
2. What is the benefit of using FIDO2 security key?
Superb security:
A FIDO2 security key is designed on top of a Secure Element: hardware-level security protects the private key, and computation always happens offline. Keys need FIDO certification, plus enhanced-level validations by Microsoft Azure AD, RSA SecurID, … to enhance security for online services and enterprises.
A FIDO2 security key is a roaming key that works with any device without extra driver or software installation. The user just touches the FIDO2 key as verification to respond to the FIDO2 login challenge. It is one scenario for all services (compared with multiple apps for different web services).
Works well in both online and offline environments
Works well in both online and offline environments, on shared workstations or kiosks, with at least 2 times faster authentication.
3. What is the risk without using security key?
Take a real case
Targeted phishing attacks (Aug. 2022) against Twilio, Cloudflare and other companies reinforce the need for companies to adopt phishing-resistant forms of Multi-factor Authentication (MFA). In these targeted attacks, the phishing kit would immediately relay any captured usernames and passwords to the attacker, in addition to any provided Time-based One-Time Password (TOTP) MFA codes. The attacker would then quickly leverage the stolen credentials and TOTP codes before they expired. In Cloudflare’s case, they used FIDO2 security keys instead of TOTP codes, thwarting the attackers.
Another case from Twitter
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to its internal systems. After the hack, the company migrated its entire workforce from legacy 2FA using SMS or authenticator apps to FIDO security keys for accessing internal systems, in less than three months.
4. Are Microsoft 365 and Google now ready for FIDO2?
They are all ready, whether for MFA (Google) or for Microsoft 365 (MFA/Passwordless); more FIDO2-ready services include Azure, Amazon, Salesforce, Facebook, Twitter, …
5. What types of security key are available in the market?
FIDO2 authenticators include roaming keys (security keys), mobile authenticators (app, Passkey) and embedded authenticators (Windows Hello, Touch ID).
3 kinds of interfaces for a roaming key (security key)
USB, NFC and Bluetooth (CTAP2)
2 kinds of “verification” for a roaming key (security key)
UV (user verification) vs. UP (user presence): UV can be done with biometrics (mainly fingerprint) or a PIN code; UP is just a user touch.
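How a relying party tells UV from UP in practice, as an added example that is not from the original page or from the vendor: it reads the flags byte of the WebAuthn authenticator data and checks the RP ID hash, which is also why a login relayed through a look-alike domain fails. The RP ID, function names and sample bytes are constructed assumptions; signature, challenge and origin checks are left out.

```python
import hashlib
import struct

FLAG_UP = 0x01  # bit 0: user presence (a touch)
FLAG_UV = 0x04  # bit 2: user verification (fingerprint or PIN)


def parse_auth_data(raw: bytes) -> dict:
    """Split the fixed 37-byte header: rpIdHash(32) | flags(1) | signCount(4)."""
    if len(raw) < 37:
        raise ValueError("authenticator data must be at least 37 bytes")
    flags = raw[32]
    (sign_count,) = struct.unpack(">I", raw[33:37])
    return {
        "rp_id_hash": raw[:32],
        "up": bool(flags & FLAG_UP),
        "uv": bool(flags & FLAG_UV),
        "sign_count": sign_count,
    }


def check_assertion(raw: bytes, rp_id: str, require_uv: bool, stored_count: int) -> list:
    """Return the list of failed checks; an empty list means all passed."""
    data = parse_auth_data(raw)
    failures = []
    # Origin binding: the authenticator hashes the RP ID it was asked to sign for.
    if data["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        failures.append("rp_id_mismatch")
    if not data["up"]:
        failures.append("user_not_present")
    if require_uv and not data["uv"]:
        failures.append("user_not_verified")
    # A counter that does not increase can indicate a cloned authenticator.
    if (data["sign_count"] or stored_count) and data["sign_count"] <= stored_count:
        failures.append("sign_count_not_increased")
    return failures


def build_sample(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed test input, not a capture from a real key."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


if __name__ == "__main__":
    rp = "login.example.com"  # hypothetical relying party ID
    print(check_assertion(build_sample(rp, FLAG_UP, 5), rp, True, 4))
    print(check_assertion(build_sample(rp, FLAG_UP | FLAG_UV, 5), rp, True, 4))
    print(check_assertion(build_sample("login.examp1e.com", FLAG_UP | FLAG_UV, 5), rp, True, 4))
```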
6. What kind of key (Biometrics vs. PIN) is most secure?
A PIN code feels like another kind of simple password, just one stored inside the key.
7. What is the benefit of using biometric key?
Touch with biometric (fingerprint) verification vs. touch, then type in a PIN code
Whether in security or in user experience, the two are not on the same level.
Biometrics is the best password, since it is always with you, never forgotten, and not easy to steal.
8. The biometric security key is ATKey.
ATKey.Pro (Type-A or Type-C) and ATKey.Card are FIDO2 certified, including the new CTAP2.1 certification,
and are MISA (Microsoft Intelligent Security Alliance) validated as trusted devices for Azure AD.
Best fingerprint experience in a FIDO2 key: patent-filed standalone enrollment, compact design, 360-degree touch, authentication in less than 1 second, …