Attackers predominantly use phishing attacks to steal and misuse user identities. A global Statista study on employee-reported malicious emails revealed that in the first quarter of 2023, 58.2% of malicious emails were credential theft attacks, 40.5% were impersonation attacks, and 1.3% were malware deliveries. Phishing attacks create a sense of urgency and panic in users, who, as a result, easily fall victim to them. IT administrators need to intervene by deploying phishing-resistant authentication methods such as FIDO2 to prevent such attacks.
What is FIDO2 authentication?
FIDO2 authentication is an open authentication standard developed by the Fast Identity Online (FIDO) Alliance. It uses public key cryptography to authenticate identities. FIDO2 is a passwordless, phishing-resistant authentication standard. It is compatible with various vendors’ authentication mechanisms, including hardware, mobile, and biometric authenticators, and it works in a wide range of browsers and operating systems.
Why is FIDO2 authentication making the news?
FIDO2 authentication is significant in identity management because it is both phishing-resistant and passwordless. It is phishing-resistant because it does not share user credentials between services. FIDO2 uses WebAuthn APIs and public key cryptography to store credentials as encrypted public and private key pairs. During authentication, all data transfers happen using those keys without the credentials being exposed to the network. So, even if a service is compromised, the data obtained cannot be used to access other services. FIDO2 authentication also defends against replay and manipulator-in-the-middle attacks.
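The checks a relying party runs on a WebAuthn login response show where the phishing and replay resistance described above comes from. This is an added example, not ADSelfService Plus code: the RP ID, origin and sample data are constructed assumptions, and verifying the signature with the registered public key is assumed to be handled by a WebAuthn library.

```python
import base64
import hashlib
import json
import struct

RP_ID = "login.example.com"            # assumed relying-party ID
ORIGIN = "https://login.example.com"   # assumed legitimate origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, auth_data: bytes,
                    issued_challenge: bytes, stored_sign_count: int) -> str:
    """Return "ok" or the reason the assertion must be rejected."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong ceremony type"
    # Replay defence: the challenge must be the one issued for this login.
    if client.get("challenge") != b64url(issued_challenge):
        return "challenge mismatch (replayed or stale)"
    # Phishing defence: the browser records the origin the user was really on.
    if client.get("origin") != ORIGIN:
        return "origin mismatch (look-alike site)"
    if len(auth_data) < 37:
        return "authenticator data too short"
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not flags & 0x01:
        return "user not present"
    # If either counter is non-zero, the new value must be strictly greater.
    if (sign_count or stored_sign_count) and sign_count <= stored_sign_count:
        return "signature counter did not increase"
    return "ok"

def sample(origin: str, rp_id: str, challenge: bytes, count: int):
    """Build constructed clientDataJSON and authenticatorData for the demo."""
    client = json.dumps({"type": "webauthn.get",
                         "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", 0x05, count)
    return client, auth

if __name__ == "__main__":
    chal = b"\x01" * 32  # constructed; a real server uses os.urandom(32)
    print(check_assertion(*sample(ORIGIN, RP_ID, chal, 8), chal, 7))
    print(check_assertion(*sample("https://login.examp1e.com", RP_ID, chal, 8), chal, 7))
```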
FIDO2 authentication is passwordless, which means it replaces passwords with device-native authentication mechanisms (such as Windows Hello and Apple Touch ID) and portable security keys. Passwordless authentication using FIDO2 MFA reduces the additional costs involved in enterprise password management and provides an enhanced login experience for end users.
FIDO2 passwordless authentication with ADSelfService Plus
ADSelfService Plus provides FIDO2 authentication to secure enterprise applications, OWA, and self-service actions performed using ADSelfService Plus’ web portal. It supports both platform FIDO2 authenticators (such as Windows Hello, Apple Touch ID, and Android biometrics) and roaming FIDO2 authenticators (such as YubiKey, Google Titan Security Key, and Precision Biometric InnaITKey). With a simple, interactive console, ADSelfService Plus provides hassle-free FIDO2 enrollment and authentication for end users.
To keep track of users’ enrollment and authentication activity, ADSelfService Plus generates comprehensive FIDO2 reports including data such as each user’s FIDO2 enrollment status, the device used, the credential type, and the timestamp. Using these reports, administrators can instantly disenroll users from FIDO2 credentials upon detecting suspicious activities.
Customizable FIDO2 authenticator configurations in ADSelfService Plus
Comprehensive reports on users’ FIDO2 enrollment statuses
A user-friendly console for easy FIDO2 enrollment and authentication
Benefits of FIDO2 passwordless logins with ADSelfService Plus
Click here to learn more about ADSelfService Plus’ FIDO2 MFA capability and why it’s the ideal choice for your organization.