Hey everyone. I'm going to talk a bit about passwords, legacy, and what's the future, at least that we see in the scope around CIAM. Let's continue. This is a bit about me. I'm a co-founder at the Scope; we're a CIAM platform, and here are some of my hobbies and a bit more information. But let's jump ahead a bit to the agenda. So today I'm going to talk first of all about challenges that are in the customer identity space, later on jumping to protocols that address some of those challenges, which are relatively more cutting edge, some of them newer, some of them older.
And last, we will give some tips on how to make customer identity a business enabler.
So, a small audience question: what are the top priorities for CIAM execution? Anyone who wants to take this?
When somebody's going to implement CIAM, what are the things he cares about the most? Anyone, from your experience? No threat. Great. That is definitely one of them. Thank you very much. Anybody else want to raise?
Yes, quick registration. Excellent. Another one. Security. Security. Great. And compliance. Compliance. Good.
Okay, we've pretty much covered it. I took this from some generic report, but it pretty much aligns with things that we see in the market. Well, first of all, there is fraud risk, right? Fraud, which is also related to security, obviously translates to money loss in a lot of companies and creates a lot of problems for companies, which invest a lot in how to reduce fraud. Reducing the amount of fraud translates immediately to money savings.
So the ROI is very high on that.
And the second priority is identifying identity touch points, or you can also say identity silos here. This is something that we see a lot, especially in the EMEA region, but not only that. Basically, companies grow over time and they have several products which are not using the same authentication system. They have acquired other companies via M&A and then try to embed them into the original product. So what happens there is a segmentation; there are basically identity silos.
Each product uses its own authentication system, and this creates a lot of friction around what some of you raised about the user experience and how fast users can onboard and log in. They go to one product from the company, then they go to the second product of the same company, and they expect the same experience.
They expect to be already logged in when they go into the other product, and they don't get it. And this creates a lot of friction.
It doesn't look good from the user experience perspective and creates a lot of problems for companies that have multiple products. We've seen companies with 20, 30 products where each one has its own login page and its own sign-up page, and you need to re-log in each time. This is a big problem and, many times, a big motivator to go into a CIAM project.
The last one is related to the first one but is more focused on just removing friction from onboarding, even if you don't have different identity silos: how to make your customers onboard as fast as possible with all the information needed and log in fast, so that you don't lose them either in onboarding or in login by creating friction that causes you to basically lose on conversion in onboarding.
So, jumping ahead to modern protocols: how many of you know FIDO?
Yeah, very popular. OIDC, I'm guessing even more. FedCM, who here knows what FedCM is? Anyone? No one. Correct, that is what I expected. FedCM is way newer but not as popular; we'll talk about it a bit. As for the other two protocols, we'll show a bit about how WebAuthn helps with both reducing fraud, better security, and also removing some friction, and how OpenID Connect helps with removing friction but also with the identity silos and unifying the experience. And FedCM is also a bit like OpenID Connect on both removing friction and the identity silos problem. Next.
So we'll start with passkeys. The protocol is WebAuthn, and some of you might know it as passkeys. The implementation is gaining a lot of popularity and it's definitely a trend. It's not yet as widely deployed as other authentication methods, but it definitely offers better security over passwords and also has a big advantage over other passwordless authentication methods.
It's unphishable. It's using private and public key encryption, which makes it significantly more secure.
And you can say that it's two factors in one in some ways: it's something you are, the biometric, the fingerprint that you gave, and also something you have, because a lot of the time it's based on a device, your mobile phone or your laptop. Not in a hundred percent of the cases, but you can definitely argue it's 2FA, two factors in one. It's definitely growing in popularity. It gives a better experience.
You can see here the passkey autocomplete option: you just press the username and it already pops up the passkey that is already stored for this app, for this domain. It's unphishable basically because of that restriction that it works with specific domains. If someone tries to create a domain, a website faking your website, it won't work.
The passkey will not work for other domains. And that's basically passkeys. You've probably heard a lot about them, so I'll jump to the others and leave enough time for FedCM. OIDC: probably most of you in the room already know it and have worked with OIDC in some capacity, so I won't go deep into the implementation et cetera. But how do you use OpenID Connect? Some of you know OpenID is well established for building SSO for a company, right, for the workforce. But can you leverage OpenID Connect for other use cases?
And here, and this is something we've seen a lot, it's basically using OpenID Connect to build SSO on top of your intel, your apps, the company apps that are external, the CIAM-based apps. How do you do that? There are several ways to do it.
OpenID Connect, as you know, is based on redirects. You could put an identity broker in front of those existing apps, whether those apps are custom apps that you've built or apps which are external, like Salesforce or some other app which is supported. As long as those apps support OIDC, you can basically redirect to those apps and build SSO across apps which are external. And so, because of the interoperability of OIDC and because it's already supported in multiple platforms, IdPs and relying parties, it gives you an easy way to basically build an SSO experience across the apps you already have in the company.
And that way leads to building a unified experience for every user login.
And let's jump to FedCM.
So FedCM is Federated Credential Management, basically. How many of you are familiar with One Tap, Google One Tap? Do you know what it is? Have you ever gotten this popup saying "Sign in to Medium with Google"? You've probably seen it a lot. It's very popular. The value in this type of popup is enormous because it's basically the user experience, right?
You don't need to type in your email, you don't need to type your username; it just pops up, and you already have an account in Google, and most of the people in this room probably already have an account in Google. It's already logged in. So you just need one tap, one click, and you're in an app like medium.com, for example. So it's a great experience and it helps conversion for a lot of apps out there.
It's been out there for a while, and lately it's switched to a new protocol behind the scenes that powers that capability, which is called FedCM.
They made the switch a few months ago, pretty much. So everyone that uses One Tap needs to do some migration, but that's another problem. But the idea of FedCM is to leverage that technology, this protocol, for other use cases, and not only to log in with Google. Which different use cases could you use it for? FedCM is part of what's called the Google Privacy Sandbox program.
The idea here is to phase out third-party cookies, and some of the use cases that involve session management involve having a session across different domains, which is a third-party cookie when you're moving between those domains. So going back: when a company has several companies it's acquired on separate domains, right?
One company has two products on two different domains, but they want one experience, or at least that when you go to one of those domains and you're already logged in to the other one, you'll be able to log in faster to the second domain because they belong to the same company. So again, it's related to unifying the experience.
Doing that is problematic right now with third-party cookies, which are going away, as you know, and are already not supported in several browsers. But as part of this push they are supporting FedCM. FedCM basically has every domain reach out to an IdP. In the One Tap case, the IdP is Google, but in other cases it could be a company-built IdP, a custom one, or an existing IdP that basically will give it the one to sign in with one of those domains with the account of not Google but the company that is the holder of that domain. So it's very cutting edge.
It's not deployed, it's really not widely deployed, but the implementation of it in the future is going to be very interesting and we will need to keep an eye on that. It is supported in the latest versions of Google Chrome, not in the other browsers right now. And things might change, especially on the relying party part of the API; that has been told by Google.
Tips to business. I'm not left with a lot of time, so I'll try to go really fast on those. Go passwordless.
That helps also with a frictionless experience most of the time, and it's more secure: no passwords, you don't need the credential stuffing. We heard this week about big issues with credential stuffing from a big breach that was announced in the past few days. So definitely consider going passwordless: both better experience and security. Adaptive MFA: if compliance, which someone raised, doesn't force you to do MFA on every login, you could reduce the risk, still improve security, reduce fraud, and not add too much friction for everybody to do a second factor, if you do adaptive MFA and you have a decision at the point in time of the login.
Wow, I'm really out of time so I'll go really fast. Passkey is also the trade-off between UX and security. This is our platform. This is marketing, pushing stuff in. Feel free to contact us. Thank you. Two seconds. Thank.