SecurID has been working with the Fast Identity Online (FIDO) Alliance since 2014 to minimize cybersecurity’s reliance on passwords for identity security. Members of the SecurID team are active on the FIDO board of directors, and SecurID has introduced a variety of passwordless capabilities in the past several years that put FIDO principles into practice.
Of course, a lot has changed in identity security over the last seven years. During that time, our customers have asked us to build more ways for them to use FIDO-based passwordless authentication across more operating environments. Their feedback—and the increasing need to provide access to any platform, from everywhere—will continue shaping our innovation agenda.
Here’s a quick look at a couple of notable developments in the SecurID passwordless journey, along with answers to questions we’ve received recently from organizations considering FIDO-based passwordless authentication from SecurID.
SecurID passwordless sign-in: from web and SaaS apps to Windows environments
Back in 2019, SecurID began to offer FIDO2-based passwordless authentication for web and SaaS applications—such as Salesforce, Workday and Office 365, to name just a few examples. The capability made it possible to use any FIDO2-compliant authenticator with SecurID as the primary authentication factor in a multi-factor authentication (MFA) scenario.
This year, we’ve extended that capability to Windows 10 laptops and desktops. As this short video demonstrates, the passwordless capability can be combined with SecurID MFA biometrics to speed and simplify logging in to Windows 10 operating environments. (Other SecurID MFA methods can also be used.)
Since you asked: answers to questions about using FIDO and SecurID
Whether you’re new to SecurID passwordless authentication, or you’re a customer who’s interested in taking advantage of the new passwordless-into-Windows capability, we’d like to answer some of the questions you may have about how it works in your day-to-day authentication environment.
The following questions were among those that came up after a recent webinar.
“If an application uses both a traditional password and a software token-generated passcode, does this mean the password is no longer necessary?”
Pretty much! You can also combine passwordless authentication with risk-based authentication to step up to an additional factor of authentication for situations where the level of risk warrants it.
“Does the FIDO2-based authentication work with Windows Hello?”
Absolutely. SecurID passwordless authentication supports using Windows Hello as FIDO authentication
“What about licensing? Is a separate SecurID license required for the FIDO2-based passwordless solution?”
SecurID Enterprise- and Premium-level licenses cover the passwordless capability with no additional licensing required, and you can bring your own FIDO2-certified authenticator to plug into SecurID.
“Can we manage the authenticators in the same console as other SecurID tokens?”
Yes, you can manage all authentication options through the console using the same self-service portal.
“Does SecurID passwordless authentication using a FIDO2 authenticator work on mobile devices?
SecurID has a software version of FIDO2-based passwordless authentication in the preview phase at this time. Stay tuned for more information.
“Can we change the PIN on the FIDO2-certified keys?”
Yes. You do you.
Visit SecurID.com to learn more about passwordless authentication with SecurID.