At a recent webinar, BankID Norway’s Ove Morten joined Joe Palmer, president of iProov, and Megan Shamas, CMO at FIDO Alliance, to discuss how the platform has evolved its approach to authentication and why combining passkeys with biometric liveness verification has become central to that strategy. 

Raonsecure will recruit entry-level and experienced hires online through Mar. 15. The company said strong interest is expected again this year after last year’s open recruitment posted a 125-to-1 competition rate.

The company said the appointment was made at the FIDO Alliance general assembly meeting in Paris and emphasized the role of FIDO-based authentication in the broader shift away from passwords. FIDO’s board composition can matter for both enterprise and consumer deployments because it influences the evolution of specifications, certification programs, and implementation guidance relied on by platforms and relying parties.

The Fast Identity Online (FIDO) Alliance developed passkeys several years ago, and many companies are already implementing them. For example, Microsoft removed password support from its authenticator app in August but left passkey support in place, and Amazon regularly prompts users to create a passkey if they haven’t already.

Like it or not, you’ll be prompted to create a passkey at some point, and you likely already have. That’s a good thing, as passkeys aren’t only much easier to use than a traditional password, they’re also a lot safer. Here’s everything you need to know about using them.

At the FIDO Alliance’s Identity Policy Forum, a panel led by the Better Identity Coalition unpacks a paper it drafted with the American Bankers Association within the Financial Services Sector Coordinating Commission (FSSCC), focusing on the threat of generative AI to the financial services digital identity system.

At the annual Identity Identity & Policy Forum, it’s a tradition for Andrew Shikiar, CEO of the FIDO Alliance, to reflect on his predictions from the previous year and offer predictions for the coming one. 2025 was a pivotal year for FIDO: passkeys – FIDO’s raison d’etre in recent years – finally became a mainstream authentication method, marking a long-term win for the Alliance.

In his keynote, FIDO Alliance CEO Andrew Shikiar estimates over 4 billion passkeys are now being used to secure sign-ins around the world. “That’s a massive number considering we introduced passkeys in 2022.”

Shikiar’s speech runs through his record on predictions he made at the beginning of 2025, and comes out looking pretty clairvoyant. Major banks have deployed passkeys. “I stood here last year and said 2025 will be the year of passkeys and banking,” Shikiar says. “I was kind of eating my socks on that until around Q4, when all of a sudden basically every major bank in the U.S. passkeys for sign-up.”

• We’re sharing a novel approach to enabling cross-device passkey authentication for devices with inaccessible displays (like XR devices).
• Our approach bypasses the use of QR codes and enables cross-device authentication without the need for an on-device display, while still complying with all trust and proximity requirements.
• This approach builds on work done by the FIDO Alliance and we hope it will open the door to bring secure, passwordless authentication to a whole new ecosystem of devices and platforms.

In a PaymentsJournal podcast, Dr. Adam Lowe, Chief Product and Innovation Officer at CompoSecure and Arculus, and Suzanne Sando, Lead Analyst of Fraud Management at Javelin Strategy & Research, explored the rising fraud challenges facing financial institutions and how some of the latest solutions may be inspired by innovations in retail.

Our senior reporter, Justin Bachman, dug deeper into the AI-driven agentic payments topic to help readers better understand when and how this tech tool really becomes a reality. Spoiler: not in 2026. Still, his story describes the challenges being tackled this year that are likely to lead to bot payments as early as next year.

About 80% of respondents to a new survey said they received at least one data breach notice in the prior 12 months, according to the Identity Theft Resource Center.

Nearly 40% of respondents received three to five separate notices over that period. The survey polled 1,040 individuals in November.

Of those who recently received a data breach notice, 88% reported at least one negative consequence, such as increased phishing or other scam attempts, more spam emails or robocalls or an attempted account takeover, the survey found.

It’s a situation many organizations find themselves in. The Cisco Duo 2025 State of Identity Security reports that 74% of IT leaders admit identity security is often an afterthought in infrastructure planning. As a result, businesses scramble to tack on an identity solution, often too late to assess whether it’s the right fit for their architecture, compliance, and scalability goals. ’Cause unlike the milk, it’s harder to swing back later and grab the right solution.

In that environment, the long-maligned guest checkout flow is gaining fresh relevance—not as a stopgap, but as a structurally efficient payment model.

As cyber threats intensify and user frustration with passwords seemingly grows, enterprises are turning to passwordless authentication for improvement in both security and customer experience. This shift—led by passkeys, biometrics, and magic links—promises not just stronger defenses but simpler, faster, and more imaginative identity journeys.

1Password allows you to import passwords via CSV from other password managers. If coming from Bitwarden, you can import more securely through an encrypted .json file. 1Password will also support the FIDO Alliance’s Credential Exchange Protocol (CXP) starting in early 2026, which allows secure transfer of passkeys in addition to passwords between apps and services with CXP enabled.

For decades, passwords have been the default mechanism for securing digital access. They are deeply embedded in enterprise systems and workflows, yet they were never designed to withstand today’s threat landscape.

Passwords are easy to steal, easy to reuse, and costly to manage at scale. Despite years of awareness training and layered defenses, credential-based attacks remain one of the most common causes of security breaches. At the same time, password resets continue to consume a disproportionate share of IT support resources, slowing productivity across the organization.

Passwords are a cybersecurity nightmare, with hackers trading stolen sign-in credentials on illicit markets every day. That’s because the overwhelming majority of passwords are too hackable, according to an analysis by Verizon, with just 3 per cent complex enough to withstand hackers.

Off the top, hosts Bill Fisher and Ryan Galuzzo of NIST provide a walk-through of NCCoE’s mDL privacy risk assessment, to help parties gauge what’s at stake in implementing mDLs. Its data flow diagram, an “abbreviated version of the NIST Privacy Risk Assessment Methodology”  written from the perspective of a financial institution, includes five questions that cover goals, potential problems and potential solutions.

The move to support passkeys brings Telegram in line with a growing number of platforms embracing the FIDO2 standard, a cryptographic login method backed by the FIDO Alliance and major industry players including Apple, Google, and Microsoft. With passkeys, Telegram users can now authenticate into their accounts using biometric data like Face ID or fingerprints, or a device PIN, instead of waiting for SMS codes that may be delayed or intercepted.

The initiative arrives at a time when governments and large businesses worldwide are focused on providing (and increasingly, insisting on) digital identities, such as the increased momentum behind the European Digital Identity Wallet, which will be required to do business online by EU and EU-trading businesses next year. The need for secure and interoperable digital credentials is apparent, therefore, driven by a need for greater convenience, better security, and the ability to access services (especially public sector providers) and verify identity online.

“The FIDO Alliance united the industry to solve the password problem, and the world is now embracing the simplicity and security of passkeys – with billions of accounts now benefiting from this significant shift in user authentication,” said Andrew Shikiar, CEO of FIDO Alliance.

The password is dying. If not in theory, certainly in practice. After years of technical development and cross-platform alignment, passkeys have reached a state of real-world maturity. The user experience is seamless. The infrastructure is robust. Compliance is no longer a barrier. And, most importantly, passkeys are working at scale for both consumers and the companies serving them.

After dropping hints on the Biometric Update Podcast, the FIDO Alliance today announced the launch of a new digital credentials initiative, to be carried out by a new Digital Credentials Working Group (DCWG). The company’s announcement calls it an expansion of the FIDO Alliance’s mission to accelerate the adoption of verifiable digital credentials and identity wallets. Work will focus on three foundational workstreams: wallet certification, specification development and usability and relying party enablement.

The challenge? Often, it’s the very first step. 

Passkey authentication is a system for accessing an account by verifying identity using a device, biometric information, PIN, etc. Since its introduction by NTT Docomo and PayPal in 2022, it has rapidly gained popularity as a secure method highly resistant to phishing attacks that target traditional authentication information such as IDs and passwords.

According to Executive Director and CEO Andrew Shikiar, the number of accounts using passkeys will reach over 3 billion by 2025, with approximately 15 billion potentially available accounts by 2024. Organizations such as the US National Institute of Standards and Technology (NIST) and the European Cybersecurity Agency (ENISA) have included passkeys in their security policies, and the system is also being increasingly adopted by government agencies, online services, and the private sector, particularly in the financial sector.

Members of the FIDO Alliance Korea Working Group (FKWG) submitted an official inquiry to the Korea Personal Information Protection Commission (KPIPC), which has responded by stating that the consent rules do not apply to biometric processes performed entirely on user-controlled devices. Since biometric data is not collected, stored or processed by the organization requesting FIDO authentication, the process does not qualify as processing personal information under the Personal Information Protection Act.

Members of the FIDO Alliance Korea Working Group (FKWG) submitted an official inquiry to the Korea Personal Information Protection Commission (KPIPC), which has responded by stating that the consent rules do not apply to biometric processes performed entirely on user-controlled devices. Since biometric data is not collected, stored or processed by the organization requesting FIDO authentication, the process does not qualify as processing personal information under the Personal Information Protection Act.

Listen to the podcast: https://www.identityatthecenter.com/listen/episode/29aaaa94/384-the-fido-alliances-next-frontier-digital-credentials-and-wallets

It’s no secret that Microsoft is on board with ushering in a fully passwordless computing future — specifically one that’s powered by a newfangled technology known as passkeys. Back in June, the tech giant confirmed its intention to bring so-called plugin passkey provider integration to Windows 11 in a future update, and, as of the recently-released November 2025 security update, the functionality is now live for a growing number of PC users running the latest version of the operating system.

Listen to the podcast.

Passkeys are part of the FIDO standard, a newer authentication method that replaces passwords with secure, device-bound cryptographic keys. Unlike passwords, passkeys can’t be phished, reused, or stolen from the cloud.

Addressing a key weakness in the company’s passwordless strategy, this move untethers passkeys from a single machine. By enabling cloud synchronization for these phishing-resistant credentials, Microsoft aims to make secure, password-free logins more practical for everyday use. F

or now, the feature is limited to Windows desktops, with support for other platforms planned for the future.

Ingenium carried out independent testing of iProov’s Dynamic Liveness technology, which uses patented Flashmark signals to confirm a user’s real-time presence. The European standard is the only one established for defending against deepfakes and synthetic media, and will be used as the starter document for a global ISO/IEC standard.

The FIDO Alliance, in collaboration with digital identity consultancy Liminal, has unveiled the Passkey Index — a new benchmarking tool that tracks the adoption, performance and impact of passkey authentication across leading online services.

Launched alongside Liminal’s Passkey Adoption Study 2025, the Index offers the most comprehensive view to date of how passkeys are reshaping digital authentication. “The data in the Passkey Index marks the first time we have been able to measure the actual utilization and performance of passkeys,” says Andrew Shikiar, CEO of the FIDO Alliance.

“The FIDO Alliance intends to grow this program over time as a benefit to service providers within our membership, a guideline for newer implementers and an industry benchmark to track ongoing growth of passkey utilization over time.”

One particular leaf of that nettle is authentication, and here I think we Brits can have some optimism. NCSC is working with the government and the FIDO Alliance on improving the adoption of “passkeys” across the public and private sectors. If you are not familiar with passkeys (which are already widely used), imagine you want to sign in to your Google Account on a new device. Instead of entering a password, a passkey allows you to log in to your account with a device you’ve already verified (e.g., your phone). You don’t need to remember a password and no-one else can log in as you because they don’t have your phone.

Dashlane’s latest report about passkeys doesn’t offer fresh insights about why adoption of this account-security upgrade remains so uneven, but it does draw out two selfish reasons for sites to deploy it: either they’re afraid of a sign-in snafu costing them a single sale, or they fear a compromised login will cost them a customer’s money and then all of that person’s future business. In fewer words: Greed clarifies. 

The password problem persists, but the solution is accelerating

Despite years of warnings from security experts, passwords remain the Achilles’ heel of digital security. According to Dashlane data, the average person now manages 301 passwords across their personal and work accounts. Yet, credential abuse remains the most common initial attack vector.¹ For CISOs and IT leaders, the problem is clear: The authentication method designed to protect users has become their greatest liability.

“The FIDO Alliance’s own data shows that passkeys significantly reduce sign-in time and have a much higher success rate compared to other authentication methods, meaning customers are able to get to the checkout cart more easily.”

Andrew Shikiar, CEO and Executive Director, FIDO Alliance

The certification affirms that Aware’s identity verification platform meets the FIDO Alliance’s standards for biometric performance, security and fairness. Testing was conducted by BixeLab — which recently revealed a new contract, CTO and facility — is one of only three labs globally accredited to evaluate biometric systems under the U.S. National Institute of Standards and Technology (NIST) NVLAP program.

“FIDO’s Face Verification Certification represents a powerful step toward a passwordless future built on trust, accuracy, and strong security,” said Ajay Amlani, CEO of Aware, Inc. “Earning this certification demonstrates not only our technological excellence but our deep commitment to transparency and innovation in biometrics.”

IDmelon software users can turn existing identifiers like biometrics, physical credentials and smartphones into enterprise-grade FIDO security keys. IDmelon also provides hardware to support passkeys and other FIDO standards for secure and convenient access control.

The draft was published on September 30 and seeks to get inputs from relevant stakeholders, the BSI said in a news release.

The BSI TR-03188 Passkey Server guidelines are available as a draft in version 0.9, the BSI says. It was drafted within the scope of FIDO2 and WebAuthn standards, among others.

There’s a reason everyone is working on a way to replace passwords. They’re often easy to guess, hard to remember, and changing them after every data breach is a pain, even if you do have a password manager. Thankfully, the Fast Identity Online (FIDO) Alliance developed passkeys, a new authentication technology that eliminates the need to enter your email address or a password into login fields around the web, and they’re gaining popularity. For example, Microsoft deleted passwords from its authenticator app in August, but left in support for passkeys.

Download the playbook to learn:

• The different types of passkeys and how to choose the right option for your organization
• A phased deployment strategy that helps you start small, scale confidently and standardize passkey adoption across your organization
• The ROI of passkeys backed by data from the FIDO Alliance

Phishing-resistant authentication isn’t a one-size-fits-all. It’s a journey. Complete the form to get our Passkey Playbook to start yours.

Listen to Episode 1 here: https://ow.ly/Y2Zl50X0vEJ

In India, the passwordless market is estimated at $411 million in 2024 and projected to reach more than $1.5 billion by 2030. This reflects how businesses are opting for faster, smarter, and safer login experiences. To understand what’s driving this trend and how companies are adapting, indianexpress.com spoke with Chandramouli Dorai, chief evangelist, cyber solutions and digital signatures at Zoho Corp.

Biometrics rank as the most commonly used authentication methods for high risk transactions. It’s also rated as the most convenient, with 58.3 respondents listing it as such.

As usual, there are corresponding concerns about data privacy. One in three people worry their biometric data or digital credentials could be stolen or faked, leading to identity fraud. One in Authentication data theft is a top fear. “Many users feel that biometric authentication, though widely implemented, still is not secure enough for them or their digital assets.”

BSP requires organizations under its supervision to strengthen fraud management and identity verification by June 25, 2026. The directive calls for the adoption of secure, phishing-resistant methods, such as passwordless authentication through FIDO standards.

The measure comes amid rising online scams and fraud cases in the country. 

“By 2027, more than 90% of MFA transactions using a token will be based on FIDO protocols natively supported in IAM tools.”

Imagine you’ve created a host of passkeys on your iPhone or Android phone. If you lose your phone or it no longer works, what happens to the passkeys on your device? Are they gone? Can you get them back? Fear not. There’s a way to set up your passkeys so that they’re tied to your account and can follow you wherever you go.

The trick lies in how you generate passkeys in the first place. By using a password manager that supports passkeys, Google Password Manager, or Apple’s iCloud Keychain, you can save passkeys to your account and sync them across all your devices. If you lose your phone or upgrade to a new one, your passkeys will be available once you sign in. Here’s how this works.

Passwords suck. They’re hard to remember, but worse is playing the ever-evolving game of cybersecurity whack-a-mole with your most important accounts. That’s where passkeys come into play. The so-called “war on passwords” has taken off over the past two years, with titans like Google, Microsoft, and Apple pushing for a password-less future that the FIDO Alliance (a consortium made to “help reduce the world’s over-reliance on passwords”) has been trying to realize for over a decade.

Like it or not, you’ll be prompted to create a passkey at some point, and you likely already have. That’s a good thing, as passkeys aren’t only much easier to use than a traditional password, they’re also a lot safer. Here’s everything you need to know about using them.

Attackers are always sharpening their skills to bypass organizations’ identity and access management (IAM) protocols – the key to gaining critical access – and artificial intelligence (AI) is making phishing attacks even more effective, and deepfakes are tricking even the most security-savvy mind. New authentication measures such as passwordless technologies, exist, but implementation challenges have hindered adoption.

Users must secure passwords

For users of the Microsoft Authenticator, it is a critical deadline: As announced at the beginning of May, all stored passwords are irrevocably deleted from the app on August 1, 2025. If you do not ensure or transfer the data, you permanently lose access to the stored passwords.

The changeover takes place gradually and has been going on for months. Since June 2025, it has no longer been possible to save new passwords in the app or to import from external sources. This affects both manual entries and the synchronization with other services. In July 2025, the autofill function was then deactivated, so that the app no longer automatically entered login fields on websites or in apps.

Newresearch from FIDO Alliance shows that while 87% of enterprises are adopting passkeys, nearly half of those that are yet to deploy cite complexity and cost concerns as primary barriers.HID’s solution streamlines the shift to passwordless authentication.

It might seem a little extreme, but the decision to start wiping passwords from its users has been months in the making. Microsoft has been slowly winding down Microsoft Authenticator, a free mobile app developed by Microsoft for Android and iOS that lets you securely sign-in to online accounts using two-factor authentication (2FA) or passwordless logins.

New research from FIDO Alliance shows that while 87% of enterprises are adopting passkeys, nearly half of those that are yet to deploy cite complexity and cost concerns as primary barriers. HID’s solution streamlines the shift to passwordless authentication.

The next phase of HID’s passwordless authentication roadmap gives enterprises choice, flexibility and speed to deploy FIDO without compromising user experience or security posture. The expanded portfolio delivers phishing-resistant authentication with enterprise-grade lifecycle management, making scalable passwordless security accessible to organisations of all sizes. The solution works seamlessly across diverse work environments while reducing IT support requirements through centralised visibility and control.

OK, so what happens to those passkeys if your device is stolen?

New research from FIDO Alliance shows that while 87% of enterprises are adopting passkeys, nearly half of those that are yet to deploy cite complexity and cost concerns as primary barriers. HID’s solution streamlines the shift to passwordless authentication.

Passkey portability is built on a new standard from the FIDO Alliance that lets apps exchange credentials in a private and encrypted way. It uses Face ID, Touch ID, or your device passcode to approve the transfer. From the user’s perspective, it just works. And that’s exactly how it should be.

The platform’s verification system requires UK users to submit either a government-issued ID, such as a passport, or a selfie through Persona, a third-party identity verification company. The approach follows successful implementations by other platforms, including Discord’s recent rollout of facial scan and ID verification in the UK. Persona handles the sensitive data to maintain user privacy, storing uploaded photos or IDs for a maximum of seven days without sharing the information with Reddit.

Reddit retains only the user’s verification status and birthdate, eliminating the need for repeated verification when accessing restricted content. Persona has confirmed it does not access Reddit user data, including subreddit activity. The privacy-focused approach matches emerging standards in digital identity verification, consistent with the principles established by the FIDO Alliance’s certification program for face-based remote identity verification.

The breach, discovered by researchers at Cybernews, is believed to have been carried out using infostealers that harvested login data and other sensitive credentials from multiple platforms. “This is not just a leak – it’s a blueprint for mass exploitation,” Cybernews said in a statement. “With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.”