Multi-factor & Risk-based Authentication , Security Operations , Video

Microsoft Exec on Why FIDO Authentication Beats Certificates

Microsoft's Libby Brown on How FIDO Passwordless Authentication Cuts Complications
Libby Brown, senior product manager for identity, Microsoft

Moving from certificate-based to FIDO authentication dramatically reduces overhead and complications for large enterprises looking to move away from using passwords, says Microsoft's Libby Brown.

See Also: Conversational Cyber Insurance: How Cybersecurity and Cyber Insurance are Interwined

FIDO allows organizations to adopt strong passwordless authentication by simply buying a FIDO key and turning it on in their Azure Active Directory, says Brown, senior product manager for identity at Microsoft. This means they can eschew the complicated setup associated with trusted root certificates. FIDO uses public key infrastructure, meaning that users can create and store their credentials securely without having a centralized place to store them, she says (see: How FIDO2 Can Streamline Passwordless Tech, Account Recovery).

"It's something that any user can have some instructions and set it up," Brown says. "Any organization can help their users set it up. It is so much more simple."

In this video interview with Information Security Media Group from the FIDO Alliance's Authenticate 2022 conference, Brown also discusses:

  • The biggest passwordless challenges at large enterprises;
  • Best practices for implementing identity verification;
  • Balancing phishing resistance and ease of use for small to midsized businesses.

Brown is responsible for driving Microsoft's Azure Active Directory features and scenarios and championing passwordless technologies. She also has product, program and/or release manager roles within Microsoft Learning, Office Live Small Business, Office 365, Azure Commerce Platform and Universal Store. Outside of work, you can find Brown answering product questions on Twitter as @TruBluDevil.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.