 Welcome to the Fiji Symposium 2019 in Cairo, Egypt. I'm very pleased to be joining the studio today, Mr. Jeremy Grant, who is Managing Director of Technology and Business Strategy for Venable. Welcome to the studio. Thanks, good morning. Thanks for having me. Now, let's talk a little bit about the Fido Alliance. Now, I understand that you're involved with this. What is it to what does it do? So Fido Alliance is an effort to transform the way that authentication works in the digital legal system through better standards. For years, we've been using passwords, or perhaps a second factor like a one-time passcode that might be texted to your phone, which is both a terrible user experience and also increasingly hackable and fishable. So Fido is a standards effort that is unifying major players in technology, in financial services, in hardware and software, in high assurance cloud services to develop a new set of standards that are globally recognized that can be used to, in some cases, augment passwords or, ideally, replace them through, what I would say, one-touch, single gesture authentication, leveraging a mix of biometrics, matched locally on device, tied to a cryptographic key pair that then logs somebody in very securely behind the scenes. And how can Fido authentication improve the user experience to digital financial services? Well, the user experience today has been quite lousy. I think most people are today trying to manage dozens of usernames and passwords. And particularly when you're looking, and where commerce is happening these days, on the mobile device, trying to actually enter in a so-called complex password isn't particularly a good user experience, or if we're asking somebody to then go get a code from someplace else as a second factor, I think about the last thing anybody wants to do after entering one password is then go find a second password. So from the user experience, what Fido does is it basically leverages the fact that most devices today, be they running on the Android operating system, Windows, the Apple operating system, all have some common elements that are in place. The first is, and if I'll pull out my Android smartphone, inside this is a very secure chip, the trusted execution environment that can create and secure and protect cryptographic keys. This device also has several biometric sensors. It's got a fingerprint sensor, a camera that can do face and iris. And so we move from trying to enter passwords to essentially just leveraging a biometric as the first step, hold it up, or put my finger on the device to then, and that's only matched by the way on the device, that never goes off the device for privacy and security purposes. And that then unlocks a cryptographic key behind the background that logs you in. So we're talking about single gesture, biometric-enabled authentication that requires almost no effort from the user and is exponentially more secure than other types of authentication that are out there. And in terms of the big picture, what do you think the key factors are that governments and financial services sectors should consider when putting in place a strong authentication system for the digital financial services? Well, I think the first thing to keep in mind is you need to have an authentication strategy. We know today by looking at some of the studies that we see year after year from third parties that roughly 80% of breaches each year are targeted at stealing people's passwords or other credentials. So if you're suddenly bringing more financial services online where the risk model is such that there's money you could steal, people are gonna come after the passwords, first of all. And so if you're not focusing on a strategy around strong authentication, that's gonna create real problems. Second, you need to make it easy for the consumer to use because if there's one thing we've seen across the globe is that if you make it too hard, people just find ways to get around it or they won't embrace the service. The third I'd say is that privacy matters. There are architectures that will focus on warehousing millions of biometrics. My experience as a security professional has been those are quite hard to protect. And so if you can leverage some of the on-device matching capabilities to give you the convenience and security biometrics without the security risk, that goes a long way. And fourth I'd say standards are very important. The real value that FIDO provides is regardless of what device you're using, FIDO standards are built in at the chip level, at the browser level. And so it provides a very easy way to integrate multiple biometric modalities and multiple approaches to authentication backed by a global standard now recognized by the ITU and the World Wide Web Consortium. So do you think we're ever gonna reach an authentication utopia or are there always going to be issues that need to be addressed? Well, utopia is a bit of a loaded term. I dream of that I suppose. But I think what's exciting to me about FIDO is not only that the technology's good, that the security's good, but that it's backed by global standards that are basically created and embraced by who's who of technology providers out there. And so when I've, having worked in this space 20 years and been part of other attempts to try and get beyond the password that have struggled because they were just too complicated, they weren't a delight for the user, they were too costly. This is a way to leverage standards in a way that's affordable, that's great for security, great for privacy, and most important, really easy to use. And how long are we talking about here? Well, what you're seeing right now is, I think this next two years is actually gonna be transformational across the globe in terms of how you see FIDO adoption. Microsoft has pledged to build it into Windows. So if people are logging in, say, with Windows Hello on a Windows 10 machine, that's backed by the FIDO standards. You have seen Google bake it in both at the browser level with Chrome, as well as right into the Android operating system. So the Galaxy phone I was taking up before, there are a number of sites that I can now leverage FIDO to log in from the user experience. It's just a simple biometric match, but the cryptography behind the scenes is really where the security value is. And Apple, who doesn't always show up at standards, parties has actually recently announced they've started to release code for a WebKit, which is their open source code for Safari, that they're baking it into the browser. So already today, when you look at a number of major banks across the globe, Microsoft, Google, Facebook, Twitter, Dropbox, major cloud sites, Amazon as well, that have started to bake FIDO in, I think what you're gonna see over the next 18 to 24 months is a whole new list of brand names that are popping up that are defaulting to FIDO authentication rather than username and password because of its security and its ease of use. Finally, you've trekked all the way here from Washington, I wanted to find out what's the incentive for you to be here? Oh, well, my background is I've worked at the intersection of identity and cybersecurity for more than 20 years, including quite a bit of the standards world. I first got to know the folks at the FIDO Alliance when I was actually running the National Strategy for Trusted Identities in Cyberspace, which was an Obama White House initiative focused on the topic we're talking about today. And I ran the identity standards team at NIST. And when I left government a few years ago, one of the ways that I viewed FIDO was it was the industry response to what the White House had called for, for industry to come together and partner with government to create new interoperable standards-based ways to better address identity online. And so this has been a deep passion of mine for more than 20 years in terms of how can you leverage good identity to enable new types of commerce that you cannot deliver online without trusted identity. And the work that FIDO's doing in the broader community, not just companies, but also governments around the globe who have been part of the Alliance and contributing to it, is really the best story out there today in terms of what's going on in the identity ecosystem. Jeremy Grotten, thank you very much indeed. Thank you.