Trusted identity security.

RSA, the security-first identity leader, provides trusted identity and access management for 12,000 organisations around the world, managing 25 million enterprise identities and providing secure, convenient access to millions of users. RSA empowers organisations to thrive in a digital world, with complete capabilities for modern authentication, lifecycle management, and identity governance. Whether in the cloud or on-premise, RSA connects people with the digital resources they depend on everywhere they live, work, and play.

The problems RSA solves.

The rise of remote work, geopolitical crises, and new technologies are accelerating the volume, sophistication, and impact of the threats to our planet’s digital security and infrastructure. It’s no longer enough to stay just a step ahead. The people of RSA are obsessive about finding ways to mitigate what comes after what comes next.

Passkeys have become very widespread thanks to consumer services such as Google, Apple, Facebook and co., offering significantly increased security compared to logging in using just a password. Originally, ‘passkey’ was a name that was only intended to be used for synchronised FIDO authenticators, but the FIDO Alliance decided to refer to all FIDO authenticators as such.

The FIDO Alliance was founded by several companies (including PayPal) to develop an authentication standard that was originally intended to be used as a second factor. The result was passkeys—one of the most popular passwordless authentication methods. Counting Apple, Google, PayPal and Microsoft among its membership ranks, the FIDO Alliance is predominantly focused on the consumer segment.

Passkeys use internal asymmetric key pairs to authenticate users when they access a service. Once a passkey is registered to a service, a new key pair is generated and the service will then trust that pair. The key pair on the passkey is linked to the service’s exact domain name to ensure protection against phishing. After all, passwords can’t be stolen if none are used. While this also applies to other passwordless MFA methods, FIDO also creates a strong link to the domain name of the target service.

Device-bound passkeys are, for example, USB sticks and are where key pairs are generated and saved. The keys never leave the passkey. Synced passkeys are, for example, smartphones and tablets, which use sync fabric to copy the key pairs to all the user’s other devices. The two largest sync fabrics are Google and Apple, but passkeys have also been supported by MFA providers such as RSA Security for many years. The question of whether passkeys should be used in a corporate environment is not something that can be easily answered. If passkeys or any other passwordless authentication methods are to be introduced, it’s worth taking the opportunity to review your MFA processes as what was fine for hardware OTP tokens for the last15 years, probably won’t be enough for passkeys and other MFA methods today. How are authenticators registered? What’s the process when an authenticator is lost? How are users, applications and data classified? Passkeys are one of many MFA methods. Their resistance to phishing is clear, but can users also use them to log into a remote desktop?

This is just one of the many reasons why it’s important for companies to keep their MFA system technology up-to-date by ensuring support for various methods such as QR codes, biometrics, OTP, push notifications and FIDO passkeys, but also by continually adapting the process to tackle the latest threats. This goes well beyond the MFA system itself and covers, for example, whether a helpdesk is also securely protected against social engineering attacks. In ID Plus, RSA Security (https://www.rsa.com) is offering a complete MFA solution as part of the RSA Unified Identity Platform. It goes without saying that FIDO passkeys are supported if permitted within a policy. Synced passkeys cannot be registered in the standard configuration, which means, from a technical perspective, there is nothing to stop the step-by-step introduction of passkeys or even a limited pilot.

Sign up for a free 45-day trial of RSA ID Plus and discover how quickly you can set up, deploy and use the identity solution. Get started in a snap! We can set up your tenant within just 24 hours!

Find out more