Edge Trends Recap “A life without Passwords”

Recap by Manish Rathore

The Edge Trends Committee sponsored a free seminar entitled “A life without Passwords” on Friday, January 22, 2016 at 7:30 a.m. in the UCSD Extension Classroom. The guest speaker was Steven Secker, Application Development Manager at MedImpact Healthcare Systems Inc,
Steve is currently an active member of FIDO-Alliance group where his involvement in these efforts as an attempt to contribute to open technology standards that strive for interoperability.

Overall 20 attendees learned about “Password less Authentication” different mechanism of online FIDO-enabled devices authentication based on public key cryptography methods.

Steve discussed the case studies where FIDO has been integrated in Samsung smart phones and has been utilized by Paypal for authenticating user’s identity using Samsung fingerprint sensor and completing the successful transaction. Another case study Steve presented for Google Accounts based on the emerging strong authentication standard; Universal 2nd Factor or U2F. As a driving contributor to FIDO U2F specifications, FIDO standardizes the authentication protocol used between the client and the online service. The protocol is based on standard public key cryptography — the client registers a public key with the online service at initial setup. Later, when authenticating, the service verifies that the client owns the private key by asking it to sign a challenge. The protocol is designed to ensure user privacy and security in the current day state of the internet.

The seminar provided details of the core ideas driving FIDO are (1) ease of use, (2) privacy and security, and (3) standardization. For implementing authentication beyond a password (and perhaps an OTP), companies have traditionally been faced with an entire stack of proprietary clients and protocols? Why is it worth it?

Overall, it was an insightful seminar, enhanced by Steve’s experience and knowledge. The feedbacks received from the attendees were extremely positive “Helps understand the future trends and security threats”, “Yes absolutely useful”, “Very interesting discussion on Passwords”, “Presentation was informative for both professional and personal use” and “Well Worthy Time”.