Passkeys and the FIDO Alliance: A Conversation with CEO Andrew Shikiar

Christine Owen:
Hi, there. My name's Christine Owen, and this is another episode of Identiholics. Today I have Andrew Shikiar, the CEO of FIDO Alliance, and I'm really excited to have him on. Hi, Andrew, thanks for-

Andrew Shikiar:
Hey, Christine.

Christine Owen:
Yay. So it's been a long time coming for sure. The one thing that I like to start out talking about and asking about is how you ended up in your position. I am sure when you were a little boy, you didn't say, "Oh, man, when I grow up I want to kill passwords." I bet there was a winding path to get there, so it's always very interesting to hear how people got to where they are.

Andrew Shikiar:
I actually studied how to lead identity standards organizations in college.

Christine Owen:
No way, really?

Andrew Shikiar:
No, I did not. I never thought I'd be doing this. And whenever my kids ask me or someone asks me, "How do you do this?" The short answer is always be open to opportunities. How I got to FIDO, I actually started in the identity industry before identity was cool like it is now. I worked at Sun Microsystems in the late '90s as part of their JavaSoft team, and then I left there for dot-com riches+, which did not pan out. And after that, I was brought back to help Sun launch something called Liberty Alliance, which were the first standards in identity federation and also to help with Sun's identity go-to-market activities. So this was 2001. I hate to age myself, but that's just facts. But part of my role at that-

Christine Owen:
So you were about three or four? You were young.

Andrew Shikiar:
Yeah, I was like Doogie Howser of identity, basically. I was like four years old. Doogie Howser, god, there's another... I'm just digging myself deeper.

Christine Owen:
I know, dude. [inaudible 00:01:56]. That is true, that is very much a dated-

Andrew Shikiar:
Someone will understand that reference and they're laughing also. But part of my role at Sun was to... It was a new concept, so part of what I did was fly around the world and talk to top customers of theirs about identity. And I still remember my deck, which was actually... We weren't allowed to use PowerPoint [inaudible 00:02:17] office, but I had slides titled, What is Identity? And that's literally the conversation I'd have with boardrooms. And people just didn't understand this concept. We talked about what's identity mean for your customers, what's it means for your employees, what's it mean for your business partners? And we're just trying to get people to understand the very concept of identity, which of course all of us and all your listeners know very dearly. So that's how I got involved in identity a long, long time ago.

I ended up working for the Alliance for a few years, Liberty Alliance for a bit, and then did some other consortia work, some startup and advisory work in mobile machine learning. And then in 2015, I saw an old colleague from Liberty Alliance, Brett McDowell, who was the executive director at FIDO, was looking to make a marketing hire. Now, at this point, I'd sworn off Duke and social work, but I somewhat reluctantly got in touch with Brett and offered to come on a contract basis to help him get the marketing effort jump started. And that was all I was going to do. But within a few weeks, I immediately felt that there was something really special going on with FIDO Alliance, both the remit and the participants.

And needless to say, my scope has grown over the past decade, and I feel really good about the work that we've done as a team to help the Alliance achieve its goals. That's how I got here. I'm incredibly grateful that I took that leap as this by far has been the most rewarding thing I've done in my career and probably the most rewarding thing I'll ever do. So that's a very long answer to your question, but one takeaway is never be afraid to explore things and never be afraid to go back on ideas that you have and be open to new opportunities.

Christine Owen:
Yeah. I find that every time I say I'm never going to do something, I always end up having to do it.

Andrew Shikiar:
Yeah, that's usually me with bad habits, but in this case, it was professional. Yeah. It's been a blast and it's incredibly inspiring.

Christine Owen:
That's amazing. And quite frankly, the real cool thing about it and with you at the helm of FIDO Alliance, everybody I talk about passkeys and identity to literally anyone who will listen to me on the street, and everybody knows what a passkey is now, which is so cool. And I definitely think that if it weren't for the great marketing that is coming out of the FIDO Alliance and then all of the amazing members who are doing a really good job of making sure that everybody understands what a passkey is and why it's important, we wouldn't be here today. So I don't think that the work is done because we still need to continue with adoption, but how do you think that you and the team got us really, not just us in the US, but us around the world, to get to a place where we all understand passkeys now?

Andrew Shikiar:
Yeah. Look, I think this is partly about methodically sticking to our mission and partly about reacting to market feedback. So let's talk about why passkeys have been successful, and then we'll talk about why people know about the term passkey now, which is truly amazing, the fact that most people know what a passkey is. But it took us a while to get here. When you think about passwords, we all know passwords suck, but they do have some advantages number one being, tied for first, are incumbents and ubiquity. So passwords have been around since the internet itself, since before the internet itself. And everyone, whether you like passwords or not, you know how to use one. And by and large, you can enter a password just about anywhere you want. And it may not be fun to enter it on a keyboardless device or smart TV or automobile, but it can be done.

So when you look at FIDO's very audacious goal, which is to replace passwords, we had to take on that incumbents and that ubiquity. And a couple of key milestones have happened in FIDO's trajectory that helped us get there. One of those was a decision back in 2015 to submit what we were calling our FIDO 2.0 web APIs to W3C and form the Web Authentication Working Group. And by working with W3C, yeah, it took a little while for us to get WebAuthn and FIDO 2 complete, but by the time that was done around 2019, it immediately had the buy-in from the web itself. So every major browser supported or was on its way to supporting FIDO in the browser. And then shortly after that, the major operating systems supported FIDO explicitly in the operating systems. And that set the stage for us to have ubiquitous end point support, if you will, meaning that if I'm a relying party and want to have my consumers or my users use FIDO, they can. So that was huge.
Another key moment in our trajectory is when Apple joined FIDO Alliance in the beginning of 2020. This was a very, very seminal moment because Apple is not a frequent and visible participant in a lot of standards efforts and we're very grateful that they chose to back up the work they've been doing on Safari by joining FIDO Alliance. And perhaps most importantly, that answered the annoying question I always get when talking to prospective members, which was, "What about Apple?" So having Apple join I think really sent a very powerful message to the world that FIDO Alliance and FIDO standards are the place to talk about moving beyond passwords. So that really set the stage for us to do what we're doing now, which is deploy passkeys at large.

Now, I mentioned market reactions and market feedback. I think one of the key things we're doing as the Alliance is focusing on usability. This was based on what we were hearing in conversations. So in the mid-2010s conversations I would have with prospective deployers of passkeys or FIDO, excuse me, was they all came from a security posture. "Is this really [inaudible 00:08:30] has this layer in my identity stack? Talk to me about cryptography," so and so forth. But around 2019, 2020 the question started shifting to, "What's my user experience going to look like? How do I make sure that people know what FIDO is?" Similar vein of questions like that.

And so we took that as a cue and launched another very big milestone or seminal moment in FIDO's history, which was launching our user experience research and user experience efforts. And so we released our first UX guidelines back in 2020, which were very practical tips on how to introduce users to a passwordless flow using a PC. I think it was called FIDO for Platform Authenticators. And at the time, people were supporting WebAuthn in different services. So eBay was one, several companies did that, but everyone had a different approach. Not only was the terminology different, but the user journey was different. And so by focusing on usability, it allowed us to do a couple of things. One, it allowed us to coach the industry on best practices for rolling out FIDO authentication, which is very important. Secondly, it made us very keenly aware of the fact that there's desire and opportunity to have a consumer brand, consumer mark.
Now, at the time, part of our testing was consumer feedback on what we'd put out there as the I-Mark, may remember the I in FIDO. I-Mark was near and dear to my heart. While the I-Mark no longer is with us, the learnings are, which is that we needed to have some sort of consumer brand, something consumer recognizable. And so a couple of years later, in 2022, another big milestone, is when they introduced the term and the concept of passkeys. And this was something that was driven and we did in conjunction with our major platform stakeholders, so Apple and Google and Microsoft. We did two things at this point. One, we introduced the term passkey, so no more I-Mark, but talking about passkeys and a mark that we manage. But perhaps more importantly, we created the opportunity or created the option for the private key and the FIDO key pair to be securely synchronized across a device cloud or credential manager cloud, which means that the usability quotient of the FIDO experience for consumers was exponentially improved.

So all of a sudden now, instead of having to enroll every device for every service, you can enroll one device, enroll passkey one device and be readily available across your devices. And time and time again, we had heard from large consumer RPs that was holding them back, that forcing users to enroll every device for every service was not a value proposition they wanted to put on their users. So it's really a combination of all these things. So methodically sticking to our mission, putting the technical pieces in place, and then focusing on UX both in technology and in branding and usability that got us to the place we are now, which is where the term passkey and the passkey experience is becoming more and more common for consumers around the world.

Christine Owen:
Yeah, I think two things from that. One is that as technologists, I feel like people forget how important change management is. And the great thing about FIDO is that it's baked into the organization itself because it doesn't really matter... There's something for everybody. So there's the highly technical track, there's the deployment track, there's the change management track. All those are really important to be able to get a successful deployment out the door. And sometimes, I know when I was doing deployments, engineers would forget about that change management piece and how important it was to market that change management to their users even when it was a required change.

But the second thing that I think is also really important is that synced passkeys are... I totally agree, synced passkeys are for situations where there isn't as much of a high risk situation. So if I'm logging into, a great example, a FIDO member, my target account so I can buy things, I don't need to have as heavy of an authenticator. So a synced passkey is, first off, very great for me because I can get in really easy, great for target because they're not losing a customer because I can get in so easily, I don't have to go and reset a password or whatever. And I think that that's a really important piece. There are so many different types of passkeys in the ecosystem, not so many, but passkeys you can have a device-bound passkey or you can have a synced passkey. And those are all very important in the whole ecosystem of passkeys, right?

Andrew Shikiar:
Yeah, at the end of the day, there's passkeys. This is a password replacement leveraging user-friendly asymmetric public key cryptography, which is a mouthful and earful. And no one should ever have to say your no, especially if you are an average consumer, but that's what passkeys are. And yeah, they could be synced across your devices or you can have a bound [inaudible 00:14:06] security key, which is the gold standard from a security posture. But they're all passkeys. And I think that is really important for people to understand. I totally agree with you.

Christine Owen:
Because they all use the same standards on the backend and have the same strong cryptographic keys on the backend.

Andrew Shikiar:
Yes, single-gesture public key cryptography. So whether you are verifying yourself with a biometric or touching a security key, it's a single gesture to sign in in a more secure and more user-friendly way than passwords and legacy most forms of MFA, if not all forms of MFA. And I think that's why, again, we've seen take up across scenarios, across use cases, across industries, and across borders.

One last point on why we've been successful with passkeys, it's been the support from the platforms and the big brands. So another big milestone is when... So to be perfectly clear, if Apple and Google and Samsung and big companies like that, Microsoft, were not pushing passkeys out to their users, we would not be seeing the success. And so I feel like it is all very symbiotic in the sense that we've created the constructs as an alliance to allow them to do that. This means that their customers and their users can be aware and leverage passkeys, but it really is this collective movement that's allowed them to lead and allowed everyone else to help build up the ecosystem in the market adoption of passkeys, which has been fantastic.

Christine Owen:
So what do you think is the most successful thing you guys have done? My assumption is that it's going to be the rollout of passkeys, but what do you think is the most successful so far?

Andrew Shikiar:
Yeah. Depends how you look at that question. So obviously passkeys. It's very rare to be able to work in a standards organization where the standard you're working on is something people are using every day, something that... It's a cliche, but something your mother understands or my mother understands, which is good because she knows what I do for a living now. But beyond that, on more of a meta level, I think where the Alliance has been most successful has been what I was talking about before, which is creating this environment where a diverse set of stakeholders can take a holistic view on technical challenges. And passwords are perhaps the greatest technical and security challenge we've seen over the past 20, 30 years. And people have been talking about getting rid of the password for decades. So it took this broad industry-wide commitment to really make this change.

But I think what we've done to enable that has been to create this infrastructure, create this environment where companies feel comfortable working together, where there truly is, and Christine, you see this as an active leader inside of FIDO Alliance, but where there truly is a remarkable spirit of collaboration and collegiality where people really genuinely want to help each other. So we don't get some of these I'll call standards warrior spinning contests, to use a polite term, where you have this standards battles for the sake of battling inside of FIDO. Everyone really is committed to seeing things through and making things work. And so it's that environment that's allowed us to be successful in creating the underlying protocols and the go-to-market and all this stuff we're doing to make passkeys happen. So passkeys are the output, but it's really the underlying foundational organizational structures and spirit that we have that's making that happen. So that's where I think we've been most successful.

Christine Owen:
So I actually, I was going to bring this up, I agree wholeheartedly about the spirit of the FIDO Alliance, and I think that that is mostly based on you and your team and how you interact with the members because it comes from the top. If there was a lot of pettiness and whatever within the Alliance, it would be from the top, but it's not. Everybody has a common vision to make security great again, or whatever you want to say. We want to make it so that we can get rid of passwords, we can have people use passkeys. And we understand standards is sometimes not the most fun thing to work on, but it's a very important piece of the puzzle to allow for interoperability and to allow for standardization of the end user experience. And everybody understands that mission and we're all so mission focused that I'm seeing basically companies that in the commercial space are constantly going at it against each other in RFPs and then behind closed door in FIDO, they're working together to create a stronger ecosystem, which is so awesome and so amazing.

Andrew Shikiar:
It's really cool. Inspiring can be a throw a word for it, but for me it truly is inspiring to see these people, some of the brightest minds on the planet, we're fierce competitors working in lockstep with each other. I feel incredibly fortunate to be able to work with people like this and their work and what we're seeing in the market speaks to their resolve and what they're doing. So it is fantastic.

Christine Owen:
Yeah. No, I totally agree. The people are so awesome. And the other cool thing is you can go up and talk to... Especially if you're at Authenticate or if you are at any conference where there's a big FIDO Alliance contingency, you can go up and talk to any of them and they will talk to you. It can be about passkeys. Of course, we all love to talk about passkeys. But it can also be just, "How did you end up where you were, what do you do for work or where do you live?" Everybody wants to chit chat and talk and it's great.

Andrew Shikiar:
It's really cool. So we meet as a membership three times a year. So once in Europe, once in Asia, and then at our Authenticate conference in the US. We just had our Asian plenary a couple of weeks ago. It's always a great couple days. And the working groups all meet and we have member-wide sessions. We around 120 people together in Melbourne. But as always, it's those side conversations that you're alluding to, Christine, where a lot of the value happens, where new ideas are generated, where networks are made, peer-to-peer connections are made. And that's really where I see a lot of the value is in this community building and the by-products of that, which are everything from networking to ideas for new specifications, to ideas for new work areas. And that's how a lot of our coolest things have started were people huddling together in the hallways, hallway con at plenary, that's super productive. Look, you get a bunch of bright, motivated people, mission-driven people together in a room for three days, good things are going to happen. And I'm really happy to see that we have making those good things happen.

Christine Owen:
Yeah. And some of the things that you guys have been expanding on are places like identity vetting and FDO.

Andrew Shikiar:
Yeah.

Christine Owen:
So a couple of questions. What are those? Why do you think they fit into the FIDO Alliance, but also how did those come to be?

Andrew Shikiar:
Yeah. It actually ties back to what we were talking about. So we actually launched both these efforts, yikes, back in 2019. So in 2019 we did the board, we had a analysis of potential new work areas. We looked at several things. And we decided to look at IoT and identity broader than just user authentication. And part of the discussion at that time was, "Look, we have the right people sitting around this table," sitting around that board table and the broader membership, 300 members worldwide, a board of 40 something companies. But the feeling was, "Look, we have the right people here. Where else can we add value? Where does it make sense for us to add value?" And FIDO Device Onboard was something we launched to help take the password out of IoT, for lack of a better term.

So this is something focused not necessarily on consumer IoT, but on industrial devices or embedded devices, network devices. So you think about smart devices or edge computing devices, these things are distributed and need to be brought onto a network. And historically that's been done with guess what? Password. Which creates a massive security risk and also a huge efficiency gap. So actually having to manually do these things or programmatically do them. It's a huge time and financial sink. FDO basically automates that process, takes a password out of the onboarding and allows these devices from point of manufacture to point of switching, turning it on, to immediately dial into a network, securely dial into a network without ever using a password.

We feel really good about the work we've done with FIDO Device Onboard. We have some newly FDO-certified products on market. We're seeing adoption from companies like ExxonMobil, Microsoft, Dell, Red Hat, many other companies are using this as well. So it's earlier in its maturity curve than passkeys are, but I think it has an opportunity to have as much impact in the market, in the edge computing market as passkeys have had in the user authentication space.

The other thing you mentioned was identity verification. So look, passkeys have basically... I think there is an inevitability about passkeys rolling out and being truly ubiquitous over the next several years, and that closes the front door, if you will, to remote attackers. No longer can you fish people's credentials or do false remote [inaudible 00:24:15], but that's the only part of the broader identity lifecycle. So we also need to look at onboarding and recovery. This is part of FIDO's mission, reduce or eliminate reliance on passwords and reduce fraud and remote attacks. A new threat factor is remote proofing, remote onboarding, remote verification.

So we launched an identity verification, face verification certification program and a document authenticity certification program to certify how well vendors are actually performing verification and document authenticity checks. So this is something that we worked on for quite a while. We had the first certified vendor announced last year, who has a face verification, who passed a face verification test. Customers who are using their product or who are licensing IAM products that have their face verification built into it can do so knowing that that system has been tested against industry metrics for things like false accept rate, false reject rate, presentation attack detection, bias, and biometrics, all these things are baked into that certification. Given the relying party or the enterprise who's using this, more confidence in knowing its capabilities in the market.

Christine Owen:
Yeah. I think both of them are obvious evolutions, and I think that there are probably more obvious evolutions that are going to come in the next five years given just the state of where we're going in the digital space. So do you have any ideas of where we might be going in the final alliance?

Andrew Shikiar:
I do. I do. And there's some early discussion happening that we're not going to talk about today, you and I are not going to talk about them today with all your audience, but there are [inaudible 00:26:12]. I think at a high level what I would say is that FIDO Alliance stakeholders are committing to solving problems where we can solve problems. Where we add value, we're not looking to replicate any work that's out there in the marketplace. If and as we identify spaces in the digital identity landscape, the broader credentialing landscape, which could benefit from coalescence and standardization, these are areas we'll look at very closely and figure out exactly how FIDO Alliance can add value.

And I think something really important to hearken back to is what FIDO Alliance is and how we work. I think one thing that makes FIDO unique, and we talked about the spirit and all those great things and the general working ethos of FIDO Alliance, that's fantastic, but the other thing as a body that I think makes FIDO unique is that it's not just a technical specification group, we talked about the UX work, sorting, usability. We also have an incredibly robust certification program. So over I think 1500 products [inaudible 00:27:21] FIDO-certified. Certified not just to... Including 1Kosmos. Not just that these products conform to the specifications, they inter-operate with one another. That really unlocks and unleashes the value of open standards for enterprises who are building and buying these solutions, which is super important.

But it's really this unique combination of specifications, adoption, and certification, those three pillars, if you will, that I think that coupled with the membership that we have allows us to add value in other areas. So as we look at these spaces that we just alluded to, I think these attributes are things that, again, are unique to FIDO. It'll be interesting to see where and how we bring this to bear in adjacent work areas.

Christine Owen:
I think it's also important to note that the member companies aren't just tech companies, right?

Andrew Shikiar:
No.

Christine Owen:
You've got anywhere from tech startups to platform providers to relying parties that are Fortune 50 companies. And then it's global because there's a very large presence in APAC and Europe. So you've got this really diverse membership, which is amazing that they all come together and no matter what it really does seem like we all are moving in the same direction, we have the thought process of moving in the same direction. Maybe some of us want to move this way and some of us want to move that way, but it's all going towards the same direction.

Andrew Shikiar:
Yeah, you're right. Diversity membership's really important. And the relying party quotient is critical. If it's a bunch of vendors building products for their own purpose or without guidance on what the market needs, it's going to be misaligned. So everything that we build, everything we spec and scope is based on market requirements. And that's a cool thing too. Going back to the success of passkeys and usability, one of the really cool things I think about FIDO, which makes us unique also, is that the teams working on the FIDO protocols are very close to these products, especially on the platform side. So a lot of times in a standards body you'll have R&D folks, which are great, and that's where next generation ideas come from.

But inside of FIDO lines have people who are actually building the products that you and I are touching every day. So when we see some sort of UX awkwardness or bug or something like that, it's very... The time from identification to implementation, both either in the spec or the UX guidance or how it's actually implemented in product is very small. And that's incredibly powerful to have the right people from the right companies taking part, especially on the platform side with the guidance coming from the product owners [inaudible 00:30:20] parties who are trying to roll these same sources out to their customers worldwide.
One last point, the global nature of FIDO is super important and increasingly important. So one of my goals is to make sure that we have a very diverse, geographically diverse set of members. So we're looking to grow with a broader footprint in Europe and in Asia to make sure that in today's trade and business climate that we have a diverse set of views, which is needed to make sure not just that we're building technology, that we're meeting regulatory and market requirements across the world.

Christine Owen:
Yeah, I think I agree. And I think part of it also is... 1Kosmos is president in APAC and in the US, and we do participate in some FIDO events in APAC, and then obviously we participate in the US. What's interesting is that the way that those in APAC use devices to get online and what they're using their apps for is different than how we're doing in the US. Same with Europe, they're also doing things slightly differently. And I think that that's that diversity that's so important because quite frankly, I'm going to say it, I think APAC is way ahead of all of us. They do some really innovative things with their mobile devices, and it's really nice because I would say a lot of... Some ideas can be incubated very well in APAC, and then they can come back over to the US once we can sort them out, which is awesome. And that's why it's so important that we also have really strong members from those areas.

Andrew Shikiar:
Yeah. As you pointed out, Christine, there's regional differences in technology uptake and also legacy technology. And in parts of Asia, especially Southeast Asia, there was previously some pretty aggressive E-banking work that was done, online banking using PKI that users using external devices, using security tokens, also in Europe. Whereas in America, that was never something people used. So one thing we've seen in Asia, for example, is that as these PKI systems were ready for refresh, that came about at the same time as FIDO was hitting the scene. So we saw a lot of really early adoption throughout Asia as banks were updating their PKI schemes in favor of something more usable.

But the user behaviors are different and so it's really important. So that feeds back into what we're doing to make sure that the specs are aware of this and reflect this, and our guidance reflects this as well. And then, of course, the other thing we do is we launch regional working groups, which helps, A, identify market requirements and bring it back into the Alliance to work on globally, but also allows us to deliver specialized programs, specialized messages, specialized go-to-market type outputs to help accelerate these geographies. So we currently have regional groups in Korea, Japan, China, Taiwan-

Christine Owen:
The EU.

Andrew Shikiar:
Europe, we have a European working group, and we're looking to grow that. I'd like to see us grow those in other parts of the world as well.

Christine Owen:
Yeah, I think that'd be amazing. That's awesome. I'm also seeing there's a lot of really good things starting to happen down in Latin America. A lot of people have not really thought about how to interact with them, but there's a lot of stuff going on down there too.

Andrew Shikiar:
I'm going to give you an example. So in Brazil, every bank taking part in open banking needs to be FIDO certified. That's very significant. And more and more around the world, we're seeing central banks or central banking bodies really take an active role in the user authentication and identity schemes of their banks, private banks and state banks. And so we think it's a really interesting model that other emerging economies or other mature and emerging economies may follow suit on. So we're already in conversations with central banks from several ASEAN countries and other parts of the world as well to try to encourage similar activities. So I think that's a really interesting illustration of how regulatory engagement and regulatory action can drive adoption of FIDO technologies and then drive opportunity, of course for the FIDO ecosystem, the vendor ecosystem, and ultimately drive better security for consumers around the world.

Christine Owen:
Yeah, I totally agree. And what's really interesting is I think you're spot on and the banks are going to really be driving identity, not just standards, but how end users interact with applications via their identity. What we're seeing, especially in developing nations, is a lot of central banks wanting a strong identity schema for their central bank. And so once you get that down, essentially it becomes a national ID, which then can be used for all these other things, which is really important because soon we're going to need to take our physical IDs and turn them into a digital ID.

Andrew Shikiar:
Yep, yep. That's exactly it.

Christine Owen:
It's pretty awesome. We're in a good time, I feel like.

Andrew Shikiar:
Yeah. Interesting times for certain.

Christine Owen:
Yeah, yeah. So I feel like a lot of people are doing goal setting or already have done goal setting for the year. So what's the top one to two things that if you could accomplish, you'd be like, "All right, I could walk away happy and feeling like I accomplished great things this year"?

Andrew Shikiar:
So I'm not walking away hopefully anytime soon.

Christine Owen:
I don't expect you to walk away.

Andrew Shikiar:
[inaudible 00:36:31] walk into 2026, how about that?

Christine Owen:
That's exactly right.

Andrew Shikiar:
[inaudible 00:36:34]. Look, I think we hit on a lot of it. So more deployment of passkeys first and foremost. You mentioned target before. I think it's really cool that pretty much every major E-commerce site in the US and many more globally support passkeys. So we want to see more of that. We want to continue to work on some of the UX issues that need to be ironed out to allow for a more ubiquitous and seamless user experience across passkey implementations. So these are things I want to see happen. But specifically on passkeys, I believe that we'll see start seeing major banks implementing passkeys for their users this year. So that's [inaudible 00:37:19] made and I think one of the goals is to see one or two major global banks do so.

Now, we've seen some banks already do so successfully. So we are down in Australia with Ubank, which is a subsidiary of National Australia Bank, they've rolled out Passkeys with great success. We've seen ABANCA do this in Spain. Bank ID, we're talking about bank-issued identities. They leverage passkeys as well in the Nordic areas of Europe. So I think there's some precedent, but one of our key goals this year will be major global banks deploying passkeys. We talked about identity verification. This is such an important program and we want to see more and more companies understand why and how, and then go ahead and get certified with our face verification document authenticity programs, which are also more and more being rolled into government regulations. So I think that's really important.

And then we talked about broader global engagement. FIDO Alliance is not a US body, we're a global body. Our membership reflects that, but I want it to reflect that more. So that means I'd feel great if we head to 2026 with added relying party members from outside the United States. I'd feel great heading in 2026 if we launched an additional regional working group of some sort, maybe in Latin America, maybe in other parts of Asia. These are pretty attainable goals. And then the last thing, we talked about new work areas. If and as FIDO identifies new spaces where we can add value, taking tangible steps towards making that happen would be something great to see happen in 2025, setting the stage for us to do even more in 2026 and beyond.

Christine Owen:
Yeah. I'm excited to add more global members because I think getting more voices is always really important.

Andrew Shikiar:
Absolutely.

Christine Owen:
So RSA, you tend to have a half-day session. I hear it's going to be April 30th in the afternoon. What do we expect? What should someone expect to see and why should they go to that half-day session?

Andrew Shikiar:
Yeah, absolutely. So we do a seminar each year at RSA and it's April 30th at 1:15 PM. We hope to see people there. So we'll be detailing some case studies. So what's interesting is that we've always showcased case studies, and as you know, there's no better way for a potential customer to learn or think about deploying than to see what someone else is doing. What's interesting is that our case studies have moved from the basic message of passwords suck, passkeys are great, to get a little bit more forensic. So the case studies we'll feature will share some data, some how-tos and some tips on why, how, and actual benefits of rolling out keys and different scenarios. We'll also be providing update on our certification programs, which are really important for people to get their heads around and understand how they can engage. So I think those will be the key things at RSA and we'll be showcasing what a lot of our members have to share with their products and their solutions and their customers as well. And then beyond that [inaudible 00:40:23].

Christine Owen:
Yeah. And you have a booth at RSA too.

Andrew Shikiar:
We have a booth, so please stop by. Our purpose there is frankly to help boost the ecosystem. So members like 1Kosmos and many other members inside of FIDO Alliance are there. We try to point booth visitors to solution partners where they can get added information about how to get started on their passkey and their FIDO journeys. But also, we're always pleased to talk to attendees about membership and about our certification programs and answer any general questions people might have about how FIDO works.

Christine Owen:
Yeah. And you usually have pretty comfortable couches. I really enjoy that.

Andrew Shikiar:
[inaudible 00:41:06].

Christine Owen:
They're great.

Andrew Shikiar:
They do. And I} look forward to seeing you there. I'm no longer consulted on the booth furnishings, but I'd assume that we have comfortable places to sit.

Christine Owen:
Yeah. The FIDO booth at RSA tends to be very stylish. It's a very inviting place for anyone to come and talk about FIDO.

Andrew Shikiar:
Yeah. We try to do things professionally and polished and feel... I think it's an important aesthetic. I believe in aesthetics and I think it's important for us to have friendly, comfortable environments.

Christine Owen:
Yeah. All right. And then you have a plenary. And then after that I think it would be Identiverse. Do you guys have anything big? Usually you have a passkeys one-on-one session, and usually there's a couple other sessions that you guys get to do at Identiverse.

Andrew Shikiar:
Yeah, so we'll have a passkeys one-on-one session. We target our annual UX research to be deliberate around that time, so I think we'll be sharing that at that point. And then we're targeting some other interesting disclosures around that timeframe.

Christine Owen:
The one thing I will say about that UX is I think it's one of the best sessions honestly, because there's a lot of really good data in that UX session that actually can help any company, either a relying party or a vendor when they're working on business cases for transitioning over to passkeys. The information is so good and so juicy that you want to get all of that information because... I use it all the time. When you have those stats, they're so great to have.

Andrew Shikiar:
Yeah. Yeah, no, we want to give people data and information they need to initiate or accelerate their passkey journeys, and that's part of what we do in those sessions as well.

Christine Owen:
We usually get a little bit of a break in the summer, sometimes we get to go do stuff. And then I think your other big event will be Authenticate. I know it's a long way away, but it's always so much fun.

Andrew Shikiar:
It doesn't feel that long away. Authenticate's in mid-October, everyone should come to this. Everything we're talking about, the community and the mission and the opportunity to learn and engage, Authenticate's that in spades. I'm incredibly proud of what we've done at Authenticate from launching this as a concept to being really a pillar, a must go, must attend identity show in the industry I think it's really cool what we've been able to do with that. So yeah, Authenticate will be great this year. One data point on Authenticate, we had around 35% spike increase in the number of speaking submissions this year over last year.

Christine Owen:
Oh no.

Andrew Shikiar:
[inaudible 00:44:11] submitted something, sorry if you don't get accepted, but it's for good reason. It's really cool. From 2020 to 2021, we saw a decent spike and then we saw normal growth, like 10%, 10%. And then this year is just off the charts. And I've taken a quick look through some of them and they're outstanding. So Authenticate's going to be awesome. Please come. And I think one thing you'll see us talk more about is look at things more broadly because part of the feedback we got last year was, "Okay, yeah, I get it. Passkeys are great. I like case studies, but I don't need 75 of them. Let's talk broader about identity and let's talk broader about passkeys and digital credentials." I think you'll see our content reflect that. So yes, we'll give you the ins and outs of why and how to deploy passkeys, but we're going to look at things a little more broadly as well. So it'll be really good agenda, great attendees. And in a beautiful location in sunny Carlsbad, California in October. So please do come.

Christine Owen:
Yeah, it's always the best weather. Seriously, it is some of the brightest minds, the people who go are so high quality people. They're all so nice and just so amazing. But on top of that, sometimes if you're not... I'm not as technical as some of these people, and boy, sometimes I have to go, "Okay, I can't... Can you dumb it down for me? Can you bring it up a couple of levels so we can keep talking?" But it's amazing.

Andrew Shikiar:
We have content for everybody.

Christine Owen:
Yeah.

Andrew Shikiar:
Yeah. It's a great week to spend together. And I see you have a Use Passkeys T-shirt on. I'm creating work for us, but we're going to do special Authenticate T-shirts and we're going to sell them in advance.

Christine Owen:
Oh, I love that.

Andrew Shikiar:
People are going to... Yeah. So once you register, you'll get a link to the FIDO store. You can get special Authenticate swag if you want to show it off, just to make things a little more fun for people in addition to the stuff we give away, the typical T-shirt. We have a lot of fun at the show, and I think that attendees have fun as well.

Christine Owen:
Oh yeah, I agree. I think they do. Where else can you talk about passkeys in your swimwear? Nowhere. It's amazing. It's so much fun.

Andrew Shikiar:
[inaudible 00:46:32] just to understand. There's no obligation to swimwear.

Christine Owen:
No, there is no. No. You can go with... No, I'm just kidding. It's great. Honestly, people just are so relaxed because it's such a good environment, and also the people are amazing. Are there any other events between now and Authenticate that you also would want to talk about?

Andrew Shikiar:
No, we'll be present. We maintain a very active schedule, speaking and supporting and doing things like that. We have an events page on our website, check it out and just see where we're going to be next. Or if you have any ideas for us, please do reach out.

Christine Owen:
Yeah, I feel like you guys are everywhere. If we show up to event, I feel like there's always someone from FIDO there too, which is good because it's important to get the word out and talk to people. So speaking of the used passkeys, actually, I wore this shirt, I don't remember, I wore the shirt at an event in DC recently. And I can't tell you how many people came up to me and said, "How did you get this shirt? Where do I get this shirt?" And so I was telling people left and right. "Oh, just so easy. Just go and..." I didn't look it up. I probably should save the website because you have some amazing FIDO swag. So how do I get this shirt if I... And this one, by the way, this one's a woman's tee, so I have to show this off. Because there's a lot of menswear, obviously, but this is a woman's tee, so it's actually more slim fit, which is so nice and it's so comfortable. I can't believe I'm selling your-

Andrew Shikiar:
Thank you.

Christine Owen:
But it's so good. It's so good.

Andrew Shikiar:
So you can get a discount on everything we sell after this show. We do have a FIDO store, and we have fun with it too. So it's shop.fidoalliance.org. We have different swag, different fun T-shirts, and other types of gear. We're expanding the merchandise. So yeah, please check it out. Let's do a coupon code for Identiholics listeners. Let's do IDENTIHOLICS10. All right, folks, Identiholics listeners get 10% off the FIDO store, which is already reasonably priced. I've been told that we're underpriced in our T-shirts, so.

Christine Owen:
No, you're not.

Andrew Shikiar:
I've been told this, so I think pretty soon we're going to raise the price. So go in soon, get an extra 10%, IDENTIHOLICS10, the shop.fidoalliance.org, and you can have the same fly swag that Christine's wearing.

Christine Owen:
Yeah, I have so many. I want to go back to that Authenticate real quick. So I keep all of my Authenticate [inaudible 00:49:09]. I've been to all of the in-person Authenticate since they started. I keep them all. And I find that some of the members, we all wear the shirts and we try to see who's wearing the most random FIDO shirt that nobody else has, and it's a lot of fun. And last year you guys were giving out old swag and [inaudible 00:49:30].

Andrew Shikiar:
We missed an opportunity there. So yeah, we give away T-shirts at all of our plenaries too. When we first got started at plenaries we'd do a different gift for each plenary. So it is everything from a passport holder to a pen or a notebook or-

Christine Owen:
Here's your passport holder. I took it at the last one. Love it.

Andrew Shikiar:
Gave that one away. So Tasha, our amazing events manager on our team, had all this stuff in a locker. I was like, "Hey, just bring it to Carlsbad, we're going to give it away." I thought we could have done more with it because it's old school vintage stuff from like 2018. But anyways, it's a free for all. Apparently you managed to get one of the passport holders. So people who were actually not at the 2018, 2017 plenaries have those T-shirts just getting a faux vintage Rolling Stone shirt, but that's okay. Now we have the same shirts and we have stickers and shirts. It's fun to see.
Again, these are fun things to do when you are helping build an organization. We came with the idea of let's do stickers. And so now you go to a FIDO plenary meeting. Someone has their laptop open, it's covered... Like yours has stickers. It's covered with stickers from dozens of different plenaries like those. So that's Passkey Central.

Christine Owen:
[inaudible 00:50:37].

Andrew Shikiar:
Yeah. Anyhow. We're rambling now. But yeah, we have gear. Go to shop at fidoalliance.org. Thank you for holding that sticker up, Christine, because I missed one of the most important things.-

Christine Owen:
Yeah, I know. We didn't even talk about Passkey Central. How dare we?

Andrew Shikiar:
How bad am I?

Christine Owen:
I almost wore that shirt too, because it's such a comfortable shirt.

Andrew Shikiar:
So anyone who's still listening and has yet to get started on their passkey journey, go to passkeycentral.org. This is an incredibly important resource that we launched last year. It's not a developer site, it is a product strategist, product owner site. So if you want to understand how to build your business case around passkeys, you want to understand different rollout patterns, implementation patterns, you want to view our UX guidelines, our design guidelines, passkeycentral.org has all of that.

We poured a ton of resources into this. In fact, we took added funding in from companies like Google and Yubico. Craig Newmark Foundation helped contribute to this. We did foundational research to help create the informational assets that people need. And we didn't just ask people who are rolling out passkeys, but we asked people who have driven different innovation projects inside the companies, "What helped you innovate?" And so everything we've developed there, both the content and the flow, is targeted around innovation. So I think it's a really useful asset. Please do check it out and go there to get started on your journey. And give us feedback if something's missing. Again, we're very open to community feedback and want feedback from the broader identity community on what we can do to add more value to your efforts.

Christine Owen:
Yeah. No, yeah, that was rolled out not very long ago. It was like less than six months ago. So it's definitely a great place to go. So is there anything else that I didn't cover that you'd like to add?

Andrew Shikiar:
I feel like we hit it all, Christine. I regret the Doogie Howser reference, but that's is what it is. I was saying that for older people who need to understand what things were like in the-

Christine Owen:
They need to understand passkeys too. So you're good. You're hitting the broad audience. The one thing that I will say, maybe this is for the young crowd or maybe it is for the older crowd, is that Authenticate you guys have the best Sunday bars, especially sometimes during the afternoon snack. And it is amazing and it makes me so happy. So thank you.

Andrew Shikiar:
We'll bring those back then this year.

Christine Owen:
Yes. My job is done. I accomplished-

Andrew Shikiar:
Yeah. Hold on. Hour later, we got that done. Okay, cool.

Christine Owen:
Yeah. All right.

Andrew Shikiar:
We're all set. No, Christine, thanks so much for having me. Congrats on the growth of your podcast, it's been great to see. And thank you for everything you do inside of FIDO Alliance. Appreciate you as a contributor. Appreciate 1Kosmos' support. And I look forward to ongoing collaboration with you and the broader team.

Christine Owen:
Absolutely. And thanks so much for being such a great leader within the FIDO Alliance because I honestly think it is such an amazingly open and welcoming place because of the leadership of you and the rest of the team. So we really-

Andrew Shikiar:
I appreciate that. Thank you very much.

Christine Owen:
Have a wonderful day.

Andrew Shikiar:
All right.