So as we heard, right, inconvenient, big digital identity affects our digital economy. And whether we look into futuristic things we could do on the internet tomorrow, we can also start with looking at what we already do in the internet today and what weak authentication is doing with that and all the risk we are taking with that. And if you look into our online world, you really realize that it was built without what I would call robust security. And we saw the impact of that. Even more clearly in the times of the COVID pandemic, right? The online business was more relevant than ever before.
We need to add a protection against what I would call scalable attacks, right? And scalable stealing a phone is one thing, right? That's not what we are seeing on mass scale. These days, the mass scale attack these days. And that's for me, the step one we need to protect against before we get to the second one is really the, what can I do against the stolen credentials from servers and the fishing attacks, right?
And especially the fishing attacks show us that there is something very badly going on in the internet that we need to fix.
And this is because it makes it easy for attack us without breaking any system se without writing a, a, a tool that somehow breaks into a platform or the operating system or the app, right, just by tricking the user into entering a bar token, a password credential and OTP into the wrong site. And the first identity online lines was founded with a focus on making cloud as indication simpler and more secure. And there's really a reason why we are fast in our name and why simpler comes first. It's because our existing authentication model couldn't just be stronger.
It had to be simpler as well, if you were ever going to get to mass adoption. And so if you compare that to things like smart cuts P right, secure, but not usable, at least not on a global scale, right.
You have deployed in small scale enterprise like environments, governmental systems, but not on a global internet scale SMS OTPs, right. Which falls short on, on both usability and security front, nothing had.
So got, got the right balance so far, right. And was as ubiquitous as passwords are and driven by the founder of notnot labs, which is also the, the founder of the fighter lines. The lines were started by six founding members, right?
In, in launch publicly in 2013, and then quickly attracted many large companies like Google, NXP, UCO, entity, Duomo, and others. And as of today, you can see major additions that have helped us to move forward on our mission. And I want to talk about that a little bit now, right? And this is, we see all the large tech players, which are now part of the fi Alliance. And we also see a lot of additional sponsor members, associate members, liaison members, and also government members.
And just as a quick recap, how fi works at the center of all that thing is a procession factor.
And that's a physical thing, right? That's nothing you can just steal if you are a remote attacker. And this is so crucial for the security, because even though you could steal a physical thing, like a smartphone, you cannot steal hundred millions of them, but you can steal hundreds of millions of passwords and you can fish hundreds of millions of users. And so this is why that's so important that you have, that we have separated the user interaction between the users authenticator, where we can use biometrics and other things also pins, for example.
And on the other side, have standardized the protocol between the fighter authenticator and the server side on the right hand side, where only the public keys are stored in addition to that.
And that's because we expected and already have reached a vibrant ecosystem of different fighter, a syndicators, right, is a central machine readable repository of authenticates. And their characteristics is important to make it easy for the relying S except authenticates and to respond to their specific security characteristics, right?
It's not that all have the same security needs banks, financial institutions are regulated. They have different needs and like, than just a cloud storage provider, right? And so we support them all with different authenticators and they can react differently to, to seeing different authenticator models, right? Some models might be, have a need to be augmented with other authentication methods. Others could be accepted as the all authentication method. So in summary with fi authentication becomes simpler. As the user can always use the preferred gesture by the user, right?
And doesn't need to remember different passwords for different relying parties.
And it's faster because it doesn't you as a user, doesn't have to wait for, for any SMS OTP to be delivered, right.
Or, or read and type anything to just swipe your sensor or enter your pin or whatever. Right. And it gives you the ability to work across devices. On the other hand, it also becomes stronger because at the core, we don't have bar tokens that can be stolen easily. At the core, we have asymmetric cryptography and, and those credentials, which are based on that, which are bound to a device very strongly. There is no third part in the, in the, in the mix.
And the biometrics, if you used, will never leave the device, meaning it's also very privacy preserving certification, which is one of five's most important investment areas is what makes the ecosystem tick. Right? We want to make sure that all the authentics, which which tell you, we are fighter certified are really interoperable with all fighter certified service.
And that's what we have achieved.
There are different security levels of a indicators level one, for example, prevents against fishing, scalability attacks level two against mal attacks and OS compromise and level three, even against physical device attacks. And this is where you see the different security levels, right? They all are interoperable and that's something we never had in the past, right? When you use PPI certificates on smart cards, you couldn't easily IOP operate with other authentication methods in the past now with fi that's possible. And that makes it really scale on the, on an internet basis.
So the next thing on the Fidos mission, right, was to become part of the S DNA. So very similar to how S SSL became part of the DNA. And so what we have reached already, we have more than 800 fiber certified products. We have more than 4 billion devices on which fi works and more than 150 million people are using fi each month, right?
So it's, we have already reached a, a massive scale with one of the most important collaborations that fiber align has. And that helped us getting there is the one MSWs C, right? This is where the, the browser things, or the things browsers implement are being standardized. And that's where web authentication that is vital contributed to the WSC a while ago, right. Is now being maintained. And that's important for that, with that.
And other collaborations, we achieved ubiquitous support across all the different platforms, right on every device, every browser, every operating system, fi platform loss indicators are pre-installed and fi security keys can be used. And that's great. We are really proud about that. We have seen a lot of different service providers already adopting fi you can see some of those names here, right? For some reason, it started in Asia, went to the us, and now it, it, it really hits Europe.
I think B, B V a and, and login in the UK were one of the, the early adopters in Europe for that. Right.
And which is really great to see. There is another level where we see great progress, and this is on the government recognition level. So we see an increasing number of governments recognizing the value of Fido and mentioning Fido as one example, to bring fishing resistance to existing devices. And the main drivers here really security, mostly in governments, fishing resistance for authentication. And on the other hand, banning shared default passwords and devices on the IOT side, we see both. And we think that that's a great achievement as well, right? That governments are convinced, right?
That fighter is a good way to do that. They are technology neutral, which is good, but they have ensured that the regulations are written in a way that modern protocols, which are really different from the approach than existing bar token based or syndication methods are still formally acceptable in that way.
And of course deliver much more security than that. So with that, we think that with all our existing WSC, ISO I Emco collaborations, and the other collaborations we have, we have already become part of the vet DNA. So many devices have been shipped. We have many government proof points.
And so that we are now really looking on what is next, and for us, that is driving utilization, right? And so this is our current focus to make sure that more people see the benefit and are following the ones that have already deployed are looking at existing case studies and the benefits that existing deployments have given. And they are really very convincing those case studies. You see that a lot of speed up and sign in rates, sign up, time reduction, et cetera, have, have, have been achieved. And for large companies, that's typically worth millions of dollars.
So it's, it's a good achievement here.
So what's next? What are we working on to drive adoption? The first is a fiber authentication bar. So we are measuring, and we have recently announced that new survey here measuring the different behaviors on authentication and the progress over time. And the main finding here in our first version was that people, the users are really trying to, to make their authentication more secure, and they are doing what they can do. And which is limited for many users today, right. May mainly right. Use more secure passwords, right?
Where relying parties, the service providers can start deploying Fido to make it easier for users to even get more security. Right. And so that's the takeaway. We need you to drive the adoption, the technologies already there help your users because they want to be more secure, online, right. To help them being more secure, to make sure they can have more choices to becoming more secure going forward.
The other thing is we are helping in education and, and enablement, right?
So the, the first thing we have seen is that the user experience in the passwordless gold is quite different, can be quite differently than it is in the password world. This is a very positive side, but it's a change. And as always change needs some, some help, right? Some education where you tell people what is possible, where potential pitfalls are, what, what you need to do to make sure that the, the users are adopting that are, are willing to jump in.
And so we have written some UX guidelines, which you can look at as a relying party to see examples, how a nice user interface could be, could look like and how the user journey could look like to make it easy for users. And also a little more similar to what others have done so far.
And the second we have a, a website login with fi so consumers that want to understand how Fido works, can look at that and, and see how it works. So relying parties can link to that website, right? To provide a, a standardized information to their users to explain what that new passwordless method is. Right.
Which makes it easier for the relying parties to adopt that technology. In addition to that, we also have a fi certified professional program. That's a program where security professionals can get a certification, right. And show how much they are aware of what five is doing, right. How to deploy fiber solutions, how to analyze the business requirements, how to design, implement, and tech and the technical requirements, et cetera. Right. Which helps to, to get the industry adoption as well. And in addition to all that, we also have adjacent work in identity and IOT, right.
As when I started, I said, in the end, the bar tokens, right? That is a problem. We need to always have a possession factor. We are now helping to write minimum guidelines, to use possession factors like government ID cards, right. For the identity provings for the remote identity proving. And this is at least to our knowledge, the first time that there is a standardized way, right. That people have written down what you can do, what you should do, and what in the end might be a good enough, right. To verify whether a, a presented identity document looks real. Right.
And, and whether it matches the, the user, which is currently at this online device and might have, have presented a selfie at the same time. So that's another thing we are working on. I think the, the, the first proposals are on the table and we are in the process to, to getting that released, to make sure. And right there is minimal requirements for the large variety of ID proofing providers in the world, which are now providing some document verification services to allow the remote ID proof of users.
The second work stream that, that we have on the table right now is the fast, scalable device provisioning, right? The passwordless onboarding of IOT devices to a network.
And again, this is about a procession factor, make sure that you can use fiber authentication to the device, but also can use a password, less onboarding of devices to, to a network to make it much cheaper than because studies have shown that sometimes the value or the cost of a device is lower than the cost of manually onboarding such devices to the, to, to the network. And so focusing on making that easier is an important step here.
And that's what we have done with the fast, try to fast and device onboarding FD protocol, to get the devices on, on the network without ever entering any password. And you might be aware that arm COCOM and Intel, are they driving people behind that, and that's large scale CPU and device platform makers in the world that help us to, to get that more specified and adoption of that.
And so with that, right, we already have made great progress in making the online world more secure, right. Please help us driving adoption even further, right? Deploy final based solution, join the Alliance.
And of course, spread the world about fi right. There is better things than just usernames passwords and OTPs legacy or syndication on the internet. And if you look at Europe, there's better ways to authenticate users than just sending post notifications to devices in the hope that there is a, an app installed there. You can use those things in browsers.
And we are also working very closely with the WWS C to get a secure payment confirmation officer ground, which helps you to fulfill dynamic linking requirements in from the PSD two world, right in, in browsers to use fi to essentially approved payments in the internet, in your gap browser, to make it more secure and more convenient for users to in the end, reduce the rate of cart abandonment that we have seen and are seeing today.
And you might have seen the EMVCo really secure announcement version 2 0 3, which explicitly talks about vital support that they have added ation support and SPC support, right? All the things the vital lines is working on and driving. So we think we make secure the, the authentication stronger, faster, more private privacy, preserving more convening for the users. And it can be used in many use cases, not just online session or communication, also in the payment space, also for document verification in some way, and also in the IOT space, right.
To support user, to device and device onboarding. So with that, thank you very much for watching. And I think we have some time left for questions.
