Zero Trust Security with FIDO2 and Passwordless Authentication

Today’s complex IT environments, with a fast-changing digital world, remote workforces and mobile apps, require businesses to continually improve their security posture. As IT and cybersecurity professionals evaluate strong user authentication technology, they look for the following: easy deployment and management, flexibility to protect both on-premises and cloud-based applications, and convenience for users.


The Growing Adoption of FIDO2

Many in the cybersecurity community see the FIDO2 standard as the answer for providing scalable, flexible, increased security with end-user convenience in mind. The core concepts driving its growing adoption are:

  • The ability to go passwordless and say goodbye to complex, easy-to-forget passwords
  • An improved user experience that reduces security risk while protecting privacy
  • A wide range of form factors (smart USB keys, NFC smart cards, mobile phones, and more) that provide the user freedom of choice
  • The standardization of WebAuthn at the W3C, which enables online services to use FIDO authentication through a standard web API and is supported in major web browsers

Microsoft Announces FIDO2 Support for Hybrid AD Environments

On February 24th, Microsoft announced the public preview of passwordless authentication using FIDO2 security keys for hybrid environments. The announcement is a major step toward facilitating employee adoption of FIDO2, as security keys provide a seamless and convenient authentication experience for users.

Users in deployments with on-premises Active Directory connected to Azure Active Directory can use FIDO2-supported authenticators to securely log in to their Hybrid and Azure AD-joined PCs. This enables a single sign-on experience whether they access on-premises or Azure cloud resources.

Microsoft already offered a public preview of Azure AD support for FIDO2-supported passwordless sign-in, but there’s still a prevalence of on-premises Active Directory. The progression to support hybrid environments will further the move away from password dependency.

HID Global + Microsoft Partner for the Passwordless Experience

We’ve partnered with Microsoft to support the journey to a passwordless world. Last year, Microsoft invited HID Global to join the Microsoft Security Intelligent Association. Using our Microsoft-compatible security keys, Crescendo® C2300 smart card and USB Crescendo Key, users can securely authenticate to both cloud and on-premises resources, as well as digitally sign documents and email, encrypt data at rest and in transit, and even secure access to facilities. Crescendo authenticators can be deployed on their own or managed by HID Credential Management Service, providing a secure identity that can be verified by most organizations with whom you do business.

If you’re ready to explore a FIDO2 passwordless experience for your organization, chat with one of our security experts.


Yves Massard is responsible for the product marketing effort in HID Global’s Identity and Access Management (IAM) government business. While at HID, Yves assisted in creating the US DoD Common Access Card, ActivID™ CMS (the market-leading PIV credential management system) and ActivClient™, market-leading middleware. Yves received a Master’s degree in Computer Science from the Institut National des Sciences Appliquées de Rennes and an MBA from Saint Mary’s College, California.