Next year, FIDO becomes the default authentication protocol on Windows 11 and Apple devices. It is supported by every modern browser in the world. How do Indians prepare for this transition? The speaker will provide insights based on his more than 2 decades of experience with the original passwordless protocol – TLS ClientAuth – what lessons were learned by the PKI industry, and how to avoid repeating those mistakes. FIDO represents the best chance the industries in India have to eliminate “shared secret authentication” from the internet. However, history suggests it is not guaranteed. This session will provide pointers on how to succeed with FIDO from India perspectives.
What do you do with FIDO when you have a PKI, which is a backbone of Indian government’s e-ready initiatives?
When does the privacy promise of FIDO get violated, and who is liable for that?
How does using an external service provider (Identity Provider) for FIDO put you at risk?
Should you use the Cloud for FIDO? What are the risks?
What matters more when building FIDO into applications: UX or security?