31 Jul

3 Min read

Navigating the Path to Passkeys: One Approach Does Not Fit All

July 31, 2024 Nok Nok News 0 comments

As businesses and government organizations embark on their journey towards implementing passkeys, careful planning and consideration of various factors are crucial to ensure a smooth transition. We think one of the most critical and valuable to the organization is “the path” – where to start, and how to stage the phases. Passkeys offer numerous benefits, including enhanced security, improved user experience, and reduced operational costs. But careful consideration of the steps that surround the actual passwordless path is critical, especially for organizations in high security and regulated markets.

What are all these steps and why are they important in migrating to Passkeys?

Defining Goals and Priorities

Before diving into implementation, organizations must first define their specific goals and priorities for adopting passwordless technologies. Whether the aim is to bolster security measures, streamline user access, or cut down on operational expenses, clarity on objectives is essential from the outset.

Assessing Current Security Infrastructure

With goals and priorities aligned, next up is understanding the current state of the organization’s security infrastructure. Too often organizations will miss a step as they haven’t identified potential gaps in existing solutions and assessing security posture are vital steps in preparing for the transition to passwordless authentication. This is particularly critical in industries with stringent regulatory requirements, such as finance and healthcare, where compliance and data integrity are paramount.

Prioritizing Use Cases

Once goals are established and the security landscape is assessed, prioritizing use cases becomes the next step. Different applications and user interactions may require varying levels of security and access control. Thus, businesses must identify which use cases are most critical and prioritize them accordingly. This involves determining which use cases necessitate the highest level of security and which could benefit from a simplified user experience.

Paths to Implementing Passwordless Solutions

With these considerations in mind, we have learned that organizations can explore various paths towards implementing passwordless solutions, each tailored to specific needs and use cases with related benefits. Where an organization starts depends on their goals and priority use cases. For example, for organizations with a mobile first strategy and high security needs, they may consider “hardening” their mobile application with a device-bound passkey first as most companies are enabling biometrics in a less secure way. This provides a “trust anchor” through the mobile app. Alternatively, businesses can opt to start by replacing passwords in applications with synced passkeys, either for web-only usage or across both web and native applications. There are pros and cons to consider and it’s important to understand the security and user experience ramifications. For high security markets, combining device bound and synced passkeys can enable organizations to address various use cases in the most convenient and secure manner.

Planning and Rollout

While these paths may seem straightforward, transitioning to passwordless requires meticulous planning and phased rollout. Testing and refining your approach in controlled environments allows organizations to mitigate risks and make necessary adjustments based on initial feedback and performance. This approach ensures a smoother transition and enhances both security measures and user satisfaction.

For businesses seeking guidance on navigating the complexities of implementing passwordless authentication, partnering with experienced providers like Nok Nok can offer invaluable support and expertise. With over a decade of experience in deploying FIDO-based solutions for trusted brands across various industries, Nok Nok is well-equipped to assist organizations in transitioning to a passwordless future.

To learn more about accelerating your journey towards passwordless authentication, reach out to Nok Nok today.

25 Jun

4 Min read

Moving to Zero Trust – Implementing M-22-09 – Time is Running Out

June 25, 2024 Nok Nok News 0 comments

Just over three years ago, the Biden Administration released Executive Order (EO) 14028 - Improving the Nation’s Cybersecurity. The EO marked a significant milestone in the ongoing battle against cyber threats, acknowledging the critical need to fortify the nation's digital defenses in an increasingly interconnected and vulnerable landscape.

27 Oct

3 Min read

Authenticate 2023: The Tipping Point for Passkeys and Passwordless Authentication

October 27, 2023 Matt Lourie 0 comments

Last week, Nok Nok attended Authenticate 2023, the industry’s only conference dedicated to all aspects of user authentication, with a focus on FIDO. According to a poll, over half of the attendees were new to FIDO, highlighting the growing interest. It was incredible to see how far the industry has come. When the FIDO Alliance was first founded 11 years ago by Nok Nok and 5 other visionary co-founders, passwordless authentication was just a bold theoretical idea. This, however, marked the start of an industry movement to passwordless authentication. With over 600 attendees representing major platforms, vendors, and industries, Authenticate 2023 demonstrated the tremendous momentum and excitement building around passkeys.

Passkey Readiness

Leading up to the conference, Google and Apple made big announcements concerning passkeys. All users signing in to Google accounts will be prompted to create and use passkeys instead of passwords. Similarly, Apple announced their plans to automatically assign a passkey to a user’s Apple ID when it launches iOS 17, iPadOS 17 and macOS Sonoma.

These major industry roll outs signal that passkeys are ready for mainstream adoption everywhere we currently use passwords. There were many sessions on passkey success stories, with practical advice on real-world implementation and deployment considerations.

User Experience is Key for Growth

One key focus at Authenticate 2023 was the importance of optimizing the user experience for passkeys. There were many informative sessions covering how to refine the passkey authentication experience for users. Speakers shared user experience (UX) design principles to keep in mind, accessibility considerations for inclusive authentication, and ideas for balancing strong security with usability in passkey flows. The sessions made clear that while technology may enable passwordless authentication, thoughtfully designing the UX is crucial for driving mass adoption.

FIDO Adoption

With passkeys becoming more widely used, the conference examined deployment challenges, best practices, and lessons learned for a wide range of workforce and consumer-facing use cases. These included fintech (Intuit), media, e-commerce, travel, and gaming. The sessions provided key takeaways for organizations implementing FIDO-based authentication including Nok Nok’s session by Dr. Rolf Lindemann on Strategies for Using Passkeys in Regulated Markets.

FIDO Usage in the Government

Several sessions dove into adoption of FIDO standards and passkeys by government agencies. There was recognition that while Personal Identity Verification (PIV) cards are vital for government use cases, FIDO has an important role to play in addressing gaps where PIV cards are not viable. These insights highlighted the complementary value and growing role passkeys are playing in public sector digital transformation. For more information, see the recently published FIDO Alliance Guidance for the US Government.

From major platform announcements to real-world deployment lessons learned, Authenticate 2023 showcased the enormous progress and potential of passwordless FIDO-based authentication. As passkeys and FIDO standards continue to gain momentum, the conference provides valuable insights for any organization implementing modern authentication.

11 Oct

3 Min read

Ditch the Passwords and Embrace Passwordless Solutions for Effortless E-Commerce

October 11, 2023 Nok Nok News 0 comments

In our hyper-connected digital era, where online shopping is an integral part of our lives, the cumbersome process of creating and managing passwords has become a significant roadblock for e-commerce platforms. A study by NordPass reveals that a typical internet user juggles between 70 to 80 different passwords, highlighting the complexity users face in managing their online identities. It’s high time we explore more convenient and secure alternatives to passwords to enhance the online shopping experience.

Imagine signing up for e-commerce websites with the same ease and simplicity you experience when unlocking your mobile device using facial recognition or a finger swipe. The prospect is intriguing, practical and when done correctly, more secure. Biometric authentication could potentially revolutionize the way we interact with online platforms, particularly in the realm of e-commerce.

One of the costly issues faced by e-commerce sites is shopping cart abandonment, which accounts for a staggering $18 billion in lost revenue annually. A significant portion of this abandonment stems from the cumbersome process of creating a password during the checkout process. When users are prompted to create an account with a password, especially when they are trying to complete their transaction, friction is introduced. This friction can discourage potential customers, leading them to opt for a guest checkout and even abandon their carts.

The consequences of this friction extend beyond lost sales. E-commerce platforms miss out on the opportunity to build customer loyalty and gather valuable customer data for tailored marketing strategies. When users opt for guest checkouts, companies lose the chance to personalize their outreach and marketing efforts. Marketing is all about understanding your audience, and the more information a company has about its users, the better they can target and engage prospective customers effectively. Studies show that users who create accounts have a 10% higher average order value.

What if e-commerce websites offered an alternative solution to the traditional password setup, allowing users to employ biometrics for authentication in the form of “one-step checkout” so that customers don’t have to enter their information repeatedly? Passwordless authentication that utilizes biometrics, such as touch ID and Face ID can provide a seamless and secure user experience. No need for complex passwords! Additionally, implementing FIDO-based Passkey authentication solutions, like those offered by Nok Nok, can protect users from the most common type of attack – phishing – making it extremely difficult for malicious actors to gain unauthorized access to accounts. This proactive approach to security not only benefits customers but also strengthens the credibility and trustworthiness of e-commerce platforms.

By embracing passwordless authentication solutions, e-commerce platforms can simplify the onboarding process leading to increased account creation and reduced cart abandonment rates. The seamless experience would encourage users to complete their purchases, engage more often and potentially foster long-term relationships, leading to increased revenue and enhanced customer loyalty.

It’s evident that the traditional method of creating and managing passwords is outdated and cumbersome, particularly in the fast-paced world of e-commerce. Implementing FIDO-based passkey authentication can be a game-changer, providing users with a more convenient and secure means of accessing e-commerce sites. It’s time for the industry to embrace these innovative authentication methods and elevate the online shopping experience for everyone.

17 Feb

1 Min read

Nok Nok Featured on Keen On

February 17, 2023 Nok Nok News 0 comments

Nok Nok on KEEN ON. When Will Silicon Valley Fix its Annoying Password Problem? Nok Nok’s Phillip Dunkelberger on digital technology that might finally kill the online password as featured on the KEEN ON podcast with Andrew Keen. In this KEEN ON episode, Andrew Keen talks to Nok Nok CEO Phillip Dunkelberger on digital technology that, he promises, will finally kill the online password.

View more KEEN ON content here and enjoy additional Nok Nok Videos here.

12 Jan

1 Min read

Customers Don’t Need a Password

January 12, 2023 Nok Nok News 0 comments

In this video, we discuss how your customers don’t need a password with a passwordless authentication solution from Nok Nok. Eighty percent of all cybercrime starts with stolen passwords. Beyond that your customers hate passwords, forget passwords, and use up your valuable resources to reset passwords. But with Nok Nok’s solutions, your customers don’t need a password. That’s because Nok Nok provides passwordless authentication, including expert support for passkeys, that allows customers to easily and securely access your services. That saves time, saves money, and improves the trust your customers have placed in your brand. Choose the company with the largest banks, telcos, and financial services trust to protect their customers. Choose Nok Nok, the global leader in passwordless authentication.

Connect with us on Linked IN

Schedule a Free Learning Session

25 Oct

3 Min read

More Banks & Credit Cards Are Using Biometrics

October 25, 2022 Nok Nok News 0 comments

Thanks to the efforts of the FIDO alliance and big businesses such as Google and Apple, passwordless authentication is growing in the world of banking and credit card transactions. Biometric features are increasingly found to be fast, safe, efficient, and more secure for users, though some factors are still being addressed.

Global Adoption

Ironically, despite the United States’ reputation for developing cutting-edge technology, the American public often is slower to adopt new technologies and techniques compared to the rest of the world. For example, Alipay was one of the earliest vendors to introduce facial biometric payment in China. As a result of this early implementation, payment using facial biometrics is ahead of the curve in China compared to the United States. However, part of the reason for the slower uptake in the United States is cultural factors. Whereas Chinese shoppers don’t worry too much about whether facial biometrics are an invasion of privacy, American shoppers do and thus express reluctance. Conversely, American shoppers seem more comfortable with a fingerprint biometric than many other countries.

Another issue is trust and regulation. Europe is generally regarded as a harsher, more regulated, and thus “safer” transactional environment. So the thinking is that if biometric transactions meet the stringent demands of European Union financial regulations, that will mean they more easily exceed the safety and privacy requirements that would be in place in the United States.

Devices Matter

One of the most promising approaches for banking and credit card transactions has been using mobile devices for verification and authentication. There are multiple reasons this solution is popular, not the least of which is the ubiquity of such personal mobile devices in most of the population. However, the other advantage of this is that biometric authentication can remain private.

In this solution, biometrics and the data required for authentication remain on the phone and not in some online database where a breach would result in the theft of private information. Instead, once someone’s biometrics have been confirmed, the mobile device itself is considered authenticated. It can communicate with other networks, using a multifactor authentication system, of which biometrics is merely one link in the chain but the easiest one for people to use, while other factors handle the “heavy lifting” in the background. All of this is part of the initiatives employed by the FIDO alliance to make things easier. If you’re interested in using the FIDO protocol and moving to a passwordless authentication system, read here to learn more.

06 May

0 Min read

Minimizing User Burden in Authentication

May 6, 2022 Nok Nok News 0 comments

Have you ever been frustrated to spend minutes trying to find a password that you couldn’t remember?

18 Dec

4 Min read

History has an Echo

December 18, 2020 Nok Nok News 0 comments

In 1876, the first telephone call was made. The technological principles of the telegram – allowing for instantaneous communication over long distances – were deployed at a massive scale to allow for advanced, personal communication to be deployed in every home. The leap from dots-and-dashes to voice-and-sound took 32 years (Samuel Morse sent his first telegraph in 1844). By the late 1890s, 20 years since Bell asked Mr. Watson to join him in his lab, the sky of New York City had been blotted out by the ill-conceived, inefficient infrastructure built to deliver these services.

History, it seems, is not without an echo.

It was roughly 30 years between the invention of the computer password to the wide scale adoption of the internet. In the intervening 20 plus years, digital accounts have proliferated much like phone numbers in the late 1800s. And again, an ill-conceived, inefficient infrastructure threatens to blot out the sky.

In the near future, each household will be managing around 50 connected devices. 5G will drive a wave of innovation powered by new ideas about what we can do with all of that bandwidth and connectivity. The problem with technological waves is that the mental framework, the mindset that governed the prior generation of technology is slow to die. Therefore, we will find ourselves overrun with password fatigue, dreaming of the day we could see the skies through all of the password-lines.

But we will evolve. We have to. Our current mindset and methodology just doesn’t scale. The problem of digital identity will need to be solved.

First, in the next 1 to 5 years, passwords will become the “additional” factor, rather than the primary one. Other strong signals – like device data, physical and behavioral biometrics, or a second trusted device – will become the primary. We have already seen these trends in Apple products, like using the Apple Watch to unlock your MacBook, or the nigh ubiquitous fingerprint sensors. Soon the password will primarily be used as the method of “step-up” authentication.

Between 3 to 8 years from now, passwords will be fairly rare. Authentication will still be between a service provider and their customer, but the customer experience will be dramatically different. Companies will rely – primarily – on technologies like FIDO that provide cryptographic verification of identity. These will continue to be augmented by risk engines to discern identity. The industry will begin to see the emergence of “trusted identity providers” – an evolution of today’s social login features and password managers. These companies will provide users with the ability to log into their multitude of profiles with a single click. But the scalable attack of a breached username and password database will no longer be possible. This new paradigm will not be reliant on shared secrets.

5 to 10 years from now, you will see identity becoming its own segment of the mobile ecosystem. Not as service providers licensing products – but as organizations that share pieces of information at a microtransaction level that is so small as to stay unprofitable. When the user opens an application, it will query a network of participating companies (possibly over a blockchain or similar technology) asking “Who is there?” Tiny pieces of information will all coalesce to reveal the true digital identity of the user. Just in time and only what the application needs. All of this in a privacy preserving manner with user consent and transparency.

These predictions are not revolutionary. We have the technology that can perform all of these actions. What will be revolutionary is the business model that sees them coming to fruition. There must be an incentive, a reason for these claims to be harvested, recorded and shared. It cannot be a single entity. Each service provider will be interested in different parts of my digital profile and should only need to pay for what they need. This solution will need an ecosystem to support it.

Pasts Echo will continue to reverberate. Just as we evolved from the telephone poles and over the air wires in New York to a world with underground fiber and wireless communication – we will see big changes in our identity infrastructure as well. Identity discovery will no longer be through One-to-One connections. Instead it will be over Identity networks that are very secure and part of the invisible fabric that makes the Internet.

23 Jan

3 Min read

Passwords and Their Impact on IT Support

January 23, 2017 Nok Nok News 0 comments

We then chase down the rabbit-hole of re-writing a memorable word or phrase with digits, punctuation, upper and lowercase numbers and – I kid you not – in some situations, emojis. I once heard the continued use of passwords described as a secret conspiracy launched by 3M to sell more post-its.

Not only is this is this process aggravating, not only does it make a system less secure, the added complexity and frequency of change makes remembering your password drastically more difficult. For the user, a forgotten password is simply a source of friction and frustration – for the company, the IT Support staff, it is actually the source of costs. An estimated 20 to 50 percent of all help requests regard resetting passwords. Forrester Research estimates that each reset can cost a company around $70.

Unfortunately, the password problem can’t be solved by a single company. Due to the required complex nature of passwords, users tend to take a single complicated keyword, and reuse it across multiple sites and services. This allows for a malicious actor to crack one password and then use it across the universe of accounts and services that the user has. All of that personal information, all of a company’s proprietary information stored in a user account, banking and financial information – all unlocked by the same password that was guarding Fantasy Football scores.

User friction and frustration generate another problem. As a user surfs a website, filling their cart with goods and products, they become more and more committed to a purchase. When it comes time to go through check-out, the user has to produce an account. They have to login with a username and password and input credit card numbers and delivery addresses. First time users expect this experience and tend to stick with it to completion – however, repeat visitors who have forgotten their password tend to abandon their cart. The frustration associated with passwords causes a loss in revenue and a loss in repeat customers.

Fortunately, a solution is afoot. Usernames and passwords are designed to prove to a service that a customer is who they say they are. They rely on a shared secret to authenticate the user. Authentication is a combination of a Claim and a Calculation. I claim my identity. The service calculates that only I would know the secret I had shared with them earlier so there is a high probability of me being me. Fortunately, shared secrets are not the only way to authenticate someone.

Multifactor authentication is the process by which identity is established by providing two of the following three things (1) Something only I would have, (2) Something only I am, (3) Something only I know. By leveraging multifactor authentication, the world can finally move off of usernames and passwords.

Nok Nok Labs is an expert in this field and is prepared to help your company navigate to a higher level of security with less waste and more fidelity. Our S3 Authentication Suite technology powers multifactor authentication through proven public-private key cryptography based on the protocol invented by Nok Nok Labs and popularized by the FIDO (Fast IDentity Online) Alliance. This protocol will allow a company to deploy strong authentication to their users and can drive better security, better user experience, decreased costs and improved revenue.

For more information on how your company can cut down on IT waste and enact multifactor authentication, read our newest whitepaper, “Strong Authentication: It is Time to Act.”

Contact Us

Latest Posts

Navigation

Please complete this form to view and download this resource.

Passkey Readiness

User Experience is Key for Growth

FIDO Adoption

FIDO Usage in the Government

Global Adoption

Devices Matter

Contact Us

Contact and Subscribe

Latest Posts

Navigation

Please complete this form to view and download this resource.

Submit to Download Forms