FIDO panel at the it-sa trade show

MTRIX GmbH, the leading specialist in strong authentication, organized a panel discussion on the theme of FIDO authentication at this year’s it-sa in collaboration with the Bundesverband IT-Sicherheit e.V. (TeleTrusT).

Moderated by Malte Kahrs, CEO of MTRIX, the panel consisted of:

  • Norbert Pohlmann, TeleTrusT board member and director of the Institute for Internet Security at the Gelsenkirchen Technical College
  • Jens Bender, BSI
  • Thomas Stoppe, German Federal Printing Office
  • Christian Reuter, Yubico

The FIDO Alliance was founded in 2013 with the goal of developing open international standards for secure and user-friendly authentication. Ever since, its membership has grown rapidly. Current members of the alliance include a lot of big players over the entire value creation chain: from producers like Yubico and RSA to users like PayPal and Visa, operating system and browser producers like Microsoft and Google, and finally government organizations like NIST and BSI.

The panel sees a tremendous opportunity in the diversity of its members. It is an opportunity that FIDO already offers now and, more importantly, will offer in the future. According to Pohlmann, such an open standard will, for example, allow companies with technologies from Germany to implement authentication at firms like Google or PayPal.

Jens Bender from BSI also noted that the alliance establishes producer independence and scalable security that also enables coverage of different security levels. The alliance is currently working on defining these security levels. That is one of the reasons BSI is already committed to this effort today. The goal is to assure that these global security levels match those in Germany and in the EU – such as in the framework of the eIDAS regulation.

Acceptance among users is another key factor for success according to Stoppe. He says that experience with the eID functionality of personal ID cards showed this to be true. “The technology can be good, and it might protect well,” says Thomas Stoppe from the German Federal Printing Office, “but if the organization to support the technology is lacking, and it is impractical for users, then it will never succeed.”

Yubico, one of the original founding members of the FIDO Alliance, developed the FIDO-U2F standard together with Google. According to Christian Reuter, the goal was always to make strong authentication as simple as possible, so that it would be truly accessible to everyone. “We all want to generate a global, open standard which would in turn create local verification options,” says Reuter, “but one that does not change practicality for the user – regardless of where the user is located in the world and what the user wants to do with it.”