Hi [[ session.user.profile.firstName ]]

FIDO2 Authentication Demystified

Watch this webinar to learn what FIDO2 Authentication is, and how to architect FIDO2 Authentication within applications. This session is led by Derek Hanson, Yubico Senior Director of Solutions Architecture and Standards.

Key topics include:
- What is FIDO2
- Passwordless Login Demystified
- Making sense of FIDO2, WebAuthn, CTAP and U2F

This webinar is intended for Product managers and developers, though it is open to anyone interested.
Recorded Jun 13 2018 25 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Derek Hanson, Luke Walker
Presentation preview: FIDO2 Authentication Demystified

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Go Passwordless with Yubico and Microsoft: WebAuthn, FIDO2 and Azure AD Jul 30 2019 4:00 pm UTC 60 mins
    Hormazd Romer, VP Product Marketing, Yubico and Jon Wojan,Partner Technical Architect, Microsoft
    Secure passwordless authentication is coming to a computer near you! WebAuthn, a new standard published by the W3C, along with the FIDO2 spec now make this promise a reality. Microsoft’s upcoming support for Windows 10 passwordless login via Azure Active Directory means soon hundreds of millions of users will be able to experience the convenience of passwordless login at a higher level of security than the traditional combination of password and multi-factor authentication (MFA).

    Experts from Yubico and Microsoft will provide an overview of the journey to passwordless, its key benefits, and why it is more secure than typical MFA.

    Attend this webinar to learn:

    * The roadmap to passwordless
    * Use cases and advantages of the WebAuthn and FIDO2 standards
    * How passwordless will work with Windows 10 and Azure AD
    * How to get started with passwordless authentication
  • Authentication: It's All About the User Experience Recorded: Jun 13 2019 59 mins
    Matt Bromiley,SANS Instructor & Incident Responder and Hormazd Romer, VP of Product Marketing, Yubico
    Authentication: It's All About the User Experience

    Authentication, including passwords, remains a weak link for enterprise security, despite many attempts to improve or strengthen it. Because people must authenticate themselves, effective authentication depends heavily on users, whose experience and willingness to comply often compromise security. This SANS webcast and associated new paper looks at the current state of authentication and ways to deploy a better process.

    SANS senior instructor Matt Bromiley, with insights from Yubico’s Hormazd Romer will talk about the challenges with passwords, existing authentication technologies and recent developments to improve authentication. The role of industry standards, including WebAuthn, will be addressed, along with specific recommendations to implement strong authentication. that protect the organization and provide a better experience for your users.
  • The Future of Authentication: How Two Factor Authentication is Dying Recorded: Jun 2 2019 59 mins
    Dr. Johannes Ullrich, SANS
    We all know that passwords do not work. For many years, ubiquitous phishing attacks, brute forcing, and credential stuffing using reused passwords has shown that organizations should not rely on passwords to authenticate users. This has pushed many organizations to race to implement two factor authentication.

    Two factor authentication has become a lot cheaper and simpler to implement in recent years, but the bad guys didn't rest on their data stashes either, and implemented some effective means to attack sites protected by two factor authentication. In addition, more and more users are using mobile devices as primary means to access web applications. Mobile web applications are often difficult to use with complex passwords and two factor authentication.

    Luckily, standard organizations have been working on this problem, and we now have some emerging standards that are being deployed in popular browsers. In this webcast, you will earn how these new standards like WebAuthn work, how to implement them, and what attacks they protect from.
  • Enabling GRC with Secure Authentication Across the Digital Ecosystem Recorded: May 30 2019 77 mins
    IT GRC Forum
    The days of securing a well-defined perimeter around your organization are gone. The cloud, mobile technologies, the internet of things (IoT) and diverse user groups freely exchange data across digital ecosystems, network and economies. This fluidity, however, means that organizations must secure access at multiple points throughout the organization, or risk letting in intruders seeking to hijack data.

    To manage the increasingly diverse digital landscape, IT and security managers need to move beyond usernames and passwords, and expand their use of multi-factor authentication (MFA) to help provide secure and convenient access to the critical data and systems users need. On this webinar our panel of experts will address how secure authentication can help enable GRC across the digital ecosystem, and they will share tips on:

    • Securing access at all points across applications, devices, users and environments.
    • Sharing insights across security systems to strengthen security.
    • Collecting and analyzing information to stop attacks.
    • How MFA can transform secure access—to any application, from any device, anywhere, at any time.
    • Strengthening identity assurance with privileged users.

    Moderator: Colin Whittaker, founder of Informed Risk Decisions

    Panelists: Jerrod Chong, SVP of Product at Yubico; Richard Bird, Chief Customer Information Officer at Ping Identity; Teju Shyamsundar, Senior Product Marketing Manager at Okta; and Andy Smith, Vice President of Product Marketing at Centrify.
  • Securing PKI with PrimeKey EJBCA and the YubiHSM 2 by Yubico Recorded: May 6 2019 35 mins
    Chris Job - PrimeKey, Professional Services Team Leader / Sebastian Elfors - Yubico, Solutions Architect
    Hardware security modules are table stakes when it comes to maintaining customer trust to protect against data theft and compromise. The world’s smallest hardware security module from Yubico, the YubiHSM 2, is now compatible with EJBCA for a range of public key infrastructure (PKI) use cases. PrimeKey and Yubico offer open source software and tools for implementing PKI based on PrimeKey’s EJBCA and the YubiHSM 2.

    Join Yubico Solutions Architect Sebastian Elfors,and PrimeKey Professional Services Team Leader Chris Job, for a technical webinar on how to secure your most critical data with PrimeKey EJBCA and the YubiHSM 2.

    This session will include:

    * An introduction to securing PKI with a hardware security module
    * Primary setup of the YubiHSM 2
    * Deploying YubiHSM 2 with PrimeKey’s EJBCA
    * Configuring the YubiHSM PKCS #11 library
    * Configuring EJBCA for use with YubiHSM 2
    * Adding and activating YubiHSM 2 Crypto Token in EJBCA AdminWeb
    * And more

    It is highly recommended that attendees read the EJBCA with YubiHSM 2 Usage Guide prior to attending this session in order to get a good baseline understanding.

    The usage guide is available here: https://developers.yubico.com/YubiHSM2/Usage_Guides/EJBCA_with_YubiHSM2.html
  • Enabling Digital Transformation: Best Practices for Authentication Recorded: Mar 13 2019 45 mins
    Abby Guha, Sr. Director, Product Marketing, Yubico
    The digital transformation of financial services is placing new demands on organizations looking to balance ease-of-use with security and stringent compliance regulations. How should financial services organizations provide secure access to customer information, account details, and other sensitive information without all the complexity?

    Most systems and applications require passwords and some may even have text based mobile authentication, but is that enough? How can organizations take advantage of new models for user authentication that offer opportunities to deliver ease of use while adhering to stringent security requirements.

    Attend this webinar to learn:

    - Risky password practices being used in workplaces
    - Best practices for enterprise authentication
    - How to mitigate risk with multi-factor authentication
    - Use cases for providing strong authentication to your employees and customers
  • 2019 State of Password and Authentication Security Behaviors Recorded: Feb 20 2019 59 mins
    Dr. Larry Ponemon, Ph.D., Chairman and Founder, Ponemon Institute and Abby Guha, Sr. Director Product Marketing, Yubico
    Despite the worsening state of online security, are we becoming more security-minded, and better yet, are we following best practices?

    The Ponemon Institute recently surveyed 1,761 IT and IT security practitioners in the United States, United Kingdom, Germany and France regarding password management and authentication practices for individuals both in the workplace and at home.

    What percentage of phishing attack victims changed their password behaviors?
    How many respondents admit to reusing passwords?

    The answers to these questions may surprise you.

    Attend this webinar to hear about the survey results and learn:

    * How privacy and security concerns affect password behaviors
    * Risky password practices in the workplace
    * What authentication technologies are being used
    * The cost of lost productivity associated with password management
    * Best practices for enterprise authentication
  • World's Smallest HSM Secures Modern Infrastructures: YubiHSM 2 Open Source SDK Recorded: Dec 5 2018 35 mins
    Abby Guha, Senior Director Product Marketing (Yubico)
    Security breaches are a growing industry wide problem that in 2018 cost companies an average of $3.8 million per breach. Software storage of cryptographic keys for servers is increasingly vulnerable as attacks become more sophisticated.

    Traditionally, organizations have used Hardware Security Modules (HSMs) that were costly and complex to set up. However, with the YubiHSM 2, organizations of all sizes can enable effective security for cryptographic keys, across the entire lifecycle, in a portable and affordable hardware form factor. And with the new open source SDK, developers can build in hardware based strong security for cryptographic keys across a wider range of platforms and services than ever before.

    Attend this webinar to learn more.
  • The State of Identity and Security in the Age of Cyber Attacks Recorded: Nov 13 2018 48 mins
    Sushila Nair (NTT DATA Services) | Derek Hanson (Yubico) | Ian Spanswick & Rebekah Moody(ThreatMetrix Inc LexisNexis Risk Co)
    Cyber attackers are becoming more sophisticated and data breaches are on the rise. According to a recent report, over 4.6 billion records were breached in the first half of 2018, showing a 133% increase compared to last year.

    With sensitive, personal and confidential data being at risk of ending up in the hands of cyber criminals, enterprises of all sizes are looking to strengthen their security in 2019.

    Join this exclusive keynote panel of industry experts as they discuss:
    - Trends in cyber attacks and breaches
    - Who is at risk
    - How to prevent breaches, data theft and future cyber crime
    - Advances in authentication
    - New in identity and access management
    - Security awareness and training
    - Best practices for securing the enterprise

    - Sushila Nair, Sr. Director Security Portfolio, NTT DATA Services
    - Derek Hanson, Sr. Director Solutions Architecture & Standards, Yubico
    -Rebekah Moody, Fraud & Identity Director, ThreatMetrix
    -Ian Spanswick, VP Professional Services EMEA,ThreatMetrix
  • Who Is A Privileged User, Really? You May Be Surprised by the Answer Recorded: Oct 24 2018 38 mins
    David Treece, Sr. Solutions Architect, Yubico, Bassam Al-Khalidi, Co-CEO and Principal Consultant, Axiad IDS
    Allowing employees to use their own devices, and consequently moving enterprise assets to the cloud, can certainly improve productivity, but also puts the organization at risk for additional security threats. According to Gartner, more than 50% of organizations are unable to extend incumbent authentication methods to safely enable access for an increasingly mobile workforce.

    The way forward? Start by understanding that the IT Team is not your only high security risk. Organizations need ID assurance for every person and every system that puts the enterprise at risk. Until now, achieving this was too complex.

    Enterprises can now cost-effectively and easily extend their current authentication solutions. This all starts with accurately establishing the appropriate privilege level by identifying and defining who or what is actually “privileged”, based on access to sensitive information or privileged data. In this webinar, Yubico and Axiad IDS will discuss:

    - Why identifying privileged users is at the root of data breach prevention and what it takes to extend strong authentication across the enterprise
    - How enterprises can securely and efficiently manage the lifecycle of their devices and credentials, while saving on deployment and IT operational costs
    - The key benefits of enabling hardware-backed two-factor authentication to address the demands of an expanding digital workplace
  • Meet the YubiKey 5 Series Recorded: Oct 2 2018 21 mins
    Alex Yakubov, Sr. Director Ecosystem
    Join us for a session on the new YubiKey 5 Series and learn about the new features and benefits of our latest product line. We'll cover the difference between the YubiKey 5 Series with the YubiKey 4 Series and YubiKey NEO, as well as introduce the use cases and concepts of going passwordless.
  • Making sense of Blockchain and Authentication Recorded: Sep 19 2018 46 mins
    Ali Yahya, Partner, A116Z, Stina Ehrensvard - CEO/Founder, Alex Yakubov, Sr. Director of Ecosystem, at Yubico
    You solve security challenges in the realm of authentication and identity—and now the new buzz word “blockchain” is popping up everywhere. Join Yubico founder Stina Ehrensvard and a16zcrypto Partner Ali Yahya for a session on blockchain and authentication technologies. We’ll help you make sense of these technologies, and how they fit together in the security and identity management landscape.
  • Technical Overview: FIDO2 WebAuthn Server Validation Recorded: Jun 28 2018 75 mins
    Emil Lundberg, Luke Walker
    Watch this webinar for a technical overview of WebAuthn for Relying Parties. This session is led by Emil Lundberg, a key contributor and one of the nine editors of the W3C WebAuthn specification.

    Join us for a deep dive of how to integrate WebAuthn relying party operations into an authentication server.

    Key topics include:
    - FIDO Authentication, CTAP, and WebAuthn
    - Getting started with java-webauthn-server
    - Application structure
    - Data storage
    - Registering credentials
    - Authenticating credentials
    - Best Practices

    This webinar is intended for software engineers, developers, software architects, and product managers, though it is open to anyone interested on the topic.
  • Technical Overview: FIDO2 WebAuthn Data Flows, Attestation, and Passwordless Recorded: Jun 21 2018 32 mins
    Emil Lundberg, Luke Walker
    Watch this webinar for a technical overview of WebAuthn for web applications. This session is led by Emil Lundberg, a key contributor and one of the nine editors of the W3C WebAuthn specification.

    Join us for a deep dive into the core concepts required to integrate WebAuthn into your web application, including what happens behind the scenes during registration and authentication.

    Key topics include:
    - FIDO Authentication, CTAP, and WebAuthn
    - Registration Walkthrough
    - What is Attestation?
    - Resident Keys
    - Second-Factor Authentication
    - Password-less Authentication

    This webinar is intended for software engineers, developers, software architects, and product managers, though it is open to anyone interested on the topic.
  • FIDO2 Authentication Demystified Recorded: Jun 13 2018 25 mins
    Derek Hanson, Luke Walker
    Watch this webinar to learn what FIDO2 Authentication is, and how to architect FIDO2 Authentication within applications. This session is led by Derek Hanson, Yubico Senior Director of Solutions Architecture and Standards.

    Key topics include:
    - What is FIDO2
    - Passwordless Login Demystified
    - Making sense of FIDO2, WebAuthn, CTAP and U2F

    This webinar is intended for Product managers and developers, though it is open to anyone interested.
  • GDPR: Achieving Compliance and Secure Authentication with 2FA & Customer IAM Recorded: May 22 2018 31 mins
    Alex Yakubov (Yubico), Jesper Johansson (Yubico), Baber Amin (Ping Identity)
    The General Data Protection Regulation (GDPR) comes into effect May 25, 2018, and it impacts organizations throughout the world who sell, market to, and even collect any personal data of EU citizens. It has far reaching operational and IT impacts. Critical to GDPR compliance are security, data-access governance, and transparency in the collection and use of personal data for EU citizens, including use-based consent, self-service personal data management, and data encryption in every state (at rest, in motion, in use).

    As organizations look for efficient ways to check the compliance boxes, article by article, it is important to note that compliance is only a step towards strengthening your engagement with customers and preserving their data privacy.

    One of the key components for GDPR compliance is the need for strong authentication and identity management. Join this webinar to learn about the Secure Authentication requirements of GDPR, how to meet those requirements, and strengthen security at the same time.

    In this webinar, Yubico and Ping Identity will discuss:
    ● How Customer Identity and Access Management (Customer IAM) solutions provide key capabilities that help meet GDPR requirements ‘out of the box’
    ● Architectural best practices of Customer IAM that make compliance more cost effective and efficient
    ● How organizations can turn the GDPR compliance challenge into an opportunity by providing a single, unified view of the customer, building trust, and enabling secure, seamless and personalized customer engagement

    Alex Yakubov, Senior Director - Ecosystem (Yubico)

    Jesper Johansson, Chief Security Architect (Yubico)
    Baber Amin, Market Leader, Cloud Security Services (Ping Identity)
  • The #1 Cybersecurity Concern for the Boardroom Recorded: Apr 24 2018 27 mins
    Paula Skokowski, Yubico CMO
    The connection between cybersecurity and a company’s bottom line is increasingly becoming clear to all stakeholders in an organization, not the least of which is the boardroom. Cybersecurity has quickly risen in importance as an agenda item in most boardroom planning discussions and is now perceived and treated as a critical and strategic consideration.

    The key risks mapped to cybersecurity fears range from brand damage, breach costs, and loss of competitive advantage through corporate espionage. Join this webinar to cut through the noise and uncover the #1 cybersecurity risk board members should take action on that will have the biggest impact on their organization.
  • Uber Data Breach: Impact and Lessons for CISO's Recorded: Nov 30 2017 60 mins
    Alex Holden (Hold Security) | Jesper Johansson (Yubico) | Nathan Wenzler (AsTech)
    Uber recently disclosed a massive data breach in which the personal information of 57 million Uber customers and drivers were stolen by hackers in October 2016. What are some of the lessons we can draw from this latest breach?

    Join this interactive panel of experts as they review:
    - What is the impact of this breach?
    - What should Uber users do in response to this breach?
    - What are the most common reasons for breaches?
    - What should organizations be doing to better tighten their security?

    - Alex Holden, CISO of Hold Security
    - Jesper Johansson, Chief Security Architect, Yubico
    - Nathan Wenzler, Chief Security Strategist, AsTech Consulting
  • Using Open Standards to Comply with GDPR Recorded: Aug 17 2017 33 mins
    Tommaso De Orchi, Solution Manager (EMEA), Yubico and Nic Sarginson, Solutions Engineer (EMEA)
    The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy. Acknowledging identity threats like phishing and man-in-the-middle attacks, the GDPR applies to all companies processing and holding the personal data of those residing in the European Union, regardless of the company’s location.

    An excerpt from the GDPR describes authentication as ‘key to securing computer systems’ and as the first step ‘in using a remote service or facility, and performing access control’. The document also outlines various GDPR-compliant authentication solutions, such as smart card, OTP push apps, and FIDO Universal 2nd Factor (U2F).

    Yubico’s enterprise solution - the YubiKey - combines support for OpenPGP (an open standard for signing and encryption), FIDO U2F (a protocol that works with an unlimited number of applications), and smart card / PIV (a standard that enables RSA or ECC sign/encrypt operations using a private key stored on the device) all in one multi-protocol authentication device. This makes it a strong and flexible solution for companies required to comply with GDPR. Attend this webcast and learn:

    •How GDPR will impact the way organizations worldwide store and access the personal information of EU citizens
    •How to leverage open standards to achieve GDPR compliance for strong authentication
    •How a multi-protocol authentication device protects organizations from phishing and man-in-the-middle attacks
  • Enterprise Authentication: Understanding the Security/Simplicity Trade-off Recorded: Aug 15 2017 62 mins
    Jerrod Chong, CISSP VP Solutions (USA), Yubico
    The 2017 Verizon Data Breach Report found that 81% of hacking-related breaches leveraged stolen and/or weak passwords last year. Organizations looking for strong authentication solutions often face a trade-off between security and simplicity.

    Smart card and FIDO Universal 2nd Factor (U2F) are two of the strongest authentication solutions for protecting your entire organization, and securing the information they access. Employees, vendors, partners, and customers all need strong authentication for workstation login, access to web applications, remote access to services, and privileged system access. During this webinar, Yubico’s VP of Solutions Jerrod Chong will share:

    • A comparison of enterprise authentication techniques, including username/password, one-time password, mobile push, smart card, and FIDO U2F
    • Why smart card and FIDO U2F are the strongest authentication solutions available today
    • How a single hardware authentication device combining smart card and FIDO U2F authentication can protect your entire organization from phishing, malware, and man-in-the-middle attacks

    Nine of the top 10 tech companies, including Google, Facebook, and Salesforce.com, use Yubico’s authentication solutions to protect all of their employees from phishing, man-in-the-middle, and malware attacks. Yubico’s enterprise-wide solution, the YubiKey, combines both smart card and FIDO U2F capabilities in a single hardware-based authentication device.
Your Key to a Safer Internet
Yubico was founded in 2007 with the mission to make secure login easy and available for everyone. In close collaboration with leading internet companies and thought leaders, Yubico co-created the FIDO U2F and FIDO2/WebAuthn open authentication standards, which have been adopted in major online platforms and browsers, enabling two-factor, multi-factor, and passwordless login and a safer internet for billions of people.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: FIDO2 Authentication Demystified
  • Live at: Jun 13 2018 6:00 pm
  • Presented by: Derek Hanson, Luke Walker
  • From:
Your email has been sent.
or close