Users pick something simple to remember that’s easy to hack
People use the same password in multiple places: shopping sites report having the highest ratio (>85%) of reused and modified passwords
Customers continue to use passwords even after being hacked - up to 70% keep the same password up to 1 year after a data breach
3.8x faster login speed compared to traditional passwords
Higher customer satisfaction - 61% of Visa customers say biometrics are better than passwords
50% uplift in sales conversions with one-touch payment versus traditional payment methods, according to PayPal.
Meets PSD2 authentication requirements
According to Visa - 86% of people are interested in biometrics to verify identity
LoginID will enable compliance with privacy legislation, including the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We also adhere to several web, biometric and security standards; read more about them below:
In March 2019 the World Wide Web Consortium and the FIDO Alliance announced the specifications for the official web standard for web authentication, or WebAuthn for short. WebAuthn is the second major component that, along with the Client to Authenticator Protocol (CTAP), makes up the FIDO2 Standards. FIDO2 Standards enable users to leverage common devices to perform authentication functions for online services rather than relying on traditional methods based on what a person knows, such as usernames or passwords. WebAuthn is the API that enables the creation and use of public key-based credentials by web applications. This approach is based on the notion that something a user ‘is’ can enable that individual to authenticate themselves. Something a user ‘is’ can be demonstrated or proven in several ways, including through mobile devices, biometrics or security keys.
WebAuthn enables web services to use FIDO2 authentication through standard web APIs that can be built into browsers and related web platform infrastructure. CTAP allows more authentication mechanisms to be used: it enables smartphones or FIDO2 security keys to be used to authenticate to web services. WebAuthn by itself is just an API, and CTAP by itself is just a protocol designed for communication with external authenticators. Together, the two enable the full FIDO2 functionality that is critical to its convenience and adoption.
These new authentication mechanisms significantly reduce the ability and likelihood of being compromised. Biometrics or other secrets like passwords never leave the user’s device and cannot be compromised by a third party.
The new web authentication protocol, called FIDO2, was developed by the FIDO Alliance to bring phishing-proof passwordless authentication to the masses. FIDO2 Standards enable users to leverage common devices to perform authentication functions for online services rather than relying on traditional methods based on what a person knows, such as usernames or passwords.
The FIDO2 protocol contains three authentication types: Passwordless Login, Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA), with the first of these being the most innovative. 2FA is a new version of the legacy Universal 2nd Factor (U2F) standard that adds a second layer to the authentication flow to enable end users to confirm logins on their devices. MFA enables the most security-conscious users to secure their identity through additional factors, such as a device PIN.
From a usability perspective, FIDO2 enables passwordless authentication. This is particularly beneficial for web or application developers as it removes the need for end users to remember passwords across multiple sites and apps.
In June 2017, the National Institute of Standards and Technology (NIST) released Special Publication 800-63, the new version of the Institute’s digital identity guidelines. The main driver for this new release was the fact that identity attackers had caught up with a lot of first-generation technologies, including one-time passwords. The new release naturally gravitates towards FIDO authentication as it is the only accessible ‘unphishable’ protocol for the development community.
In particular, 800-63B: Authentication & Lifecycle Management, a subset of the new publication, covers specific application technologies that are prompting many enterprises to re-evaluate some of their previous choices for multi-factor authentication and to consider using FIDO.
At a high level, the new publication sets out 3 layers of assurance: Identity, Authentication, and Federation: