Lead Security Engineer for Identity & Access Management, Target
Target’s Journey towards Password-less Authentication
Target’s Identity & Access Management team constantly explores new technologies, solutions and techniques to improve and secure the team member login experience when accessing enterprise applications. The goal is to achieve a frictionless, yet secure login experience for hundreds of applications that are integrated with Target’s Single Sign on (SSO) platform.
Fast Identity Online (FIDO) is an open and scalable standard that Target researched and evaluated to ensure stronger authentication, while reducing login friction. Our home-grown FIDO2 server is integrated with Target’s Risk Engine and SSO platform, that provides a simple, seamless and secure login experience for team members. Depending on the transaction risk evaluated by our Risk Engine platform, team members accessing enterprise web applications integrated with Target’s SSO platform are challenged for a second factor verification during the login process. Authentication through FIDO protocol using biometrics or security key is one of the strongest authentication options available to users during the second step verification process. We have seen an increased adoption of the FIDO authentication option – it provides a faster login experience and improves team member productivity.
Target’s FIDO2 server is certified by FIDO alliance and has gone through a formal certification process. The certification includes comprehensive self-validation conformance tests, followed by interoperability testing against authenticators from multiple vendors. Target has successfully implemented FIDO2 as a second factor authenticator for all SSO-integrated production applications and is also testing FIDO2 as a primary authentication option to achieve a truly password-less experience.