Energy Digital Magazine October 2024 | Page 128

HID
Sean Dyon, the Director of Strategic Alliances at HID, highlights the company’s role in shaping the passwordless future: “Our mission is to empower trusted identities for people, places and things across the globe. We achieve this by enabling secure, seamless authentication that enhances individual productivity, strengthens workforce efficiency and ensures the freedom to navigate across physical and digital spaces,” he says.
“What we have been increasingly working towards is to accelerate adoption of passkeys in the enterprise, and we’ve been doing that by working with the industry and through partnerships like Microsoft.”

Phishing resistance through FIDO authentication
At the heart of the passwordless revolution are the FIDO (Fast Identity Online) standards. These open standards, developed by the FIDO Alliance – an industry association dedicated to reducing reliance on passwords – provide a framework for secure, user-friendly authentication.
HID, a long-standing member of the FIDO Alliance, has been instrumental in advancing awareness and adoption of these standards. “FIDO is built on the foundation of establishing trust,” Sean says. “This is crucial because it ensures that the communication between the user and the service remains secure and cannot be intercepted by a third party.”
With 89% of organisations experiencing a phishing attack in the past year, the FIDO standards are central to this mission. “FIDO is critical because it eliminates shared secrets such as passwords, which are often targeted by phishing attacks,” he explains.
Unlike passwords, which can be reused across multiple sites and are susceptible to phishing, passkeys rely on public key cryptography that ensures the user’s credentials never leave their device. By generating a unique pair of keys for each user – comprising a public key stored on the server and a private key securely held on the user’s device – this approach creates a “chain of trust” between the user, the credential and the resource being accessed. For example, an attacker cannot impersonate a legitimate website, such as a financial institution, to trick the user into authenticating through a fake portal. The cryptographic key pair thus ensures that the authentication process is direct and protected from potential threats, preventing unauthorised access and ensuring the integrity of the transaction.