Thales Blog

FIDO, Biometry and Contactless: Enhancing End User Adoption of Phishing-Resistant MFA

November 30, 2023

Gregory Vigroux Gregory Vigroux | Senior Product Manager More About This Author >

The surge in social engineering and phishing attacks seeking to bypass established multi-factor authentication (MFA) methods indicates that organizations must move to phishing-resistant MFA. In their report “Avoid the Top 9 Pitfalls of Implementing MFA,” Gartner makes several recommendations for careful consideration by security professionals responsible for the successful deployment of MFA. According to Gartner, “deploying MFA is the single effective step you can take to improve security,” [but] “deploying MFA is a complicated endeavor. Different user constituencies require different credentials…Risks and security must be carefully balanced against user experience …”. The combination of FIDO2 device-bound passkeys and biometry helps to bridge the gap, providing phishing-resistant MFA with the enhanced authentication experience required by some users.

The Benefits of Combining FIDO with Biometrics and Contactless

FIDO2 authentication enables users to capitalize on standard FIDO2-certified security keys to authenticate quickly and securely to online services in desktop and mobile environments. Accessing apps or IT systems by replacing passwords with FIDO2 authenticators introduces a modern passwordless MFA experience that is resistant to phishing attacks and account takeovers and enables user adoption.

Adoption of Phishing-Resistant MFA

Integrating FIDO2 authentication with biometric verification creates an enhanced authentication experience with extra robust security. While FIDO2 authentication provides a robust security mechanism, biometric verification adds an extra layer of protection by verifying the user's physical traits. This combination ensures the end-user has a seamless authentication experience while, at the same time, the company IT department can rest assured that their system is compliant and secure.

Enhanced Authentication Experience

By combining these two authentication technologies with NFC, organizations can provide a user-friendly and convenient authentication experience. By incorporating biometrics, FIDO2 and NFC, users can enjoy a seamless, contactless login experience without remembering passwords or entering PINs using a keyboard. They simply tap the card while placing their finger on it and are authenticated. The improved user experience helps to improve user adoption rates, productivity, and overall satisfaction.

Protect data privacy

It's worth noting that biometric data is always kept secure on the authenticator device and is not transmitted, which is a great way to protect users’ data privacy and ensure compliance with GDPR.

Notable Use Cases

Typical use cases for FIDO with biometric authentication include office employees, who require access to sensitive digital resources on a daily basis from their computers, and IT security is considering FIDO + biometry as a way to facilitate MFA adoption. With this method, employees can use a smart card to log in to their desktops and access the applications required to do their job. They can also use the card on their mobile phone when they are traveling, increasing productivity without hampering security.

Imagine frontline workers in industries such as oil and gas platforms or medical centers who need to access applications, messaging, and sensitive files (i.e., medical data or intellectual property) on shared mobile devices. For these workers, a biometric smart card that they can tap on the tablet may be the most convenient option.

Executives and other VIPs who need to access sensitive applications from their mobile devices can also benefit from FIDO with biometric authentication. This technology provides a secure and convenient way to authenticate their identity without compromising sensitive information. Given the nature of their work, it is crucial for them to use a reliable and robust authentication method. With FIDO, executives can enjoy a seamless and safe experience accessing their sensitive applications while enhancing the security of their organization’s data.

FIDO, combined with biometric authentication and NFC, is a secure and user-friendly method for accessing digital resources. However, it is essential to note that it may not suit all users and situations. Different users have different needs, and a one-size-fits-all approach to company-wide MFA compliance may not always be practical. For example, frontline workers who require quick access to shared resources may find FIDO + Biometry a convenient authentication method. However, other authenticators may be more suitable for workers who wear gloves, such as FIDO with PIN.

Thales is expanding its portfolio of FIDO hardware device-bound passkeys, adding a FIDO biometric smart card. Learn more about Thales solutions that meet your business and access requirements.