Identity & Access Management , Security Operations , Video
Merck Germany Exec on Why FIDO is Still Such a Tough SellAndreas Pellenghar Points to Identity and Usability Issues, Lack of Tools
Identity verification and lack of WebAuthn implementation in legacy applications and smartphones are two of the biggest challenges associated with adopting the FIDO authentication standard.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Merck Germany's Andreas Pellenghar, who has implemented FIDO authentication for thousands of employees, points out that there's no solution on the market that can verify online identities. Also, the current setup requiring smartphone users to jump to a browser to log in is turning people off, he says (see: Trusona Exec Goldman on Bringing Usability to Authentication).
"The workaround obviously is complicated," Pellenghar says. "You have to use the browser and then authenticate in there and then go back to the application. It is uncomfortable to teach everyone how to use it. The workaround helps, but we really want to have an actual solution."
In this video interview with Information Security Media Group from the FIDO Alliance's Authenticate 2022 conference, Pellenghar also discusses:
- Why Merck prefers device-bound authentication to universal passkeys;
- Why it's tough to deliver a consistent user experience across browsers;
- Why the benefits of FIDO authentication outweigh the hurdles for Merck.
Pellenghar is the head of identity and access management at Merck Germany, a science and technology conglomerate with operations across multiple sectors including healthcare. He turned to FIDO authentication to deliver secure access to the 80,000 users across his organizations.