Identity & Access Management , Security Operations , Video

Merck Germany Exec on Why FIDO is Still Such a Tough Sell

Andreas Pellenghar Points to Identity and Usability Issues, Lack of Tools
Andreas Pellenghar, head of identity and access management, Merck Germany

Identity verification and lack of WebAuthn implementation in legacy applications and smartphones are two of the biggest challenges associated with adopting the FIDO authentication standard.

See Also: Shift From Perimeter-Based to Identity-Based Security

Merck Germany's Andreas Pellenghar, who has implemented FIDO authentication for thousands of employees, points out that there's no solution on the market that can verify online identities. Also, the current setup requiring smartphone users to jump to a browser to log in is turning people off, he says (see: Trusona Exec Goldman on Bringing Usability to Authentication).

"The workaround obviously is complicated," Pellenghar says. "You have to use the browser and then authenticate in there and then go back to the application. It is uncomfortable to teach everyone how to use it. The workaround helps, but we really want to have an actual solution."

In this video interview with Information Security Media Group from the FIDO Alliance's Authenticate 2022 conference, Pellenghar also discusses:

  • Why Merck prefers device-bound authentication to universal passkeys;
  • Why it's tough to deliver a consistent user experience across browsers;
  • Why the benefits of FIDO authentication outweigh the hurdles for Merck.

Pellenghar is the head of identity and access management at Merck Germany, a science and technology conglomerate with operations across multiple sectors including healthcare. He turned to FIDO authentication to deliver secure access to the 80,000 users across his organizations.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.