Phishing-resistant, passwordless authentication on mobile devices

The RSA Authenticator app for iOS and Android is now a FIDO2-certified authenticator and is generally available.

This latest passwordless milestone from RSA gives organizations another means of deploying seamless, phishing-resistant, passwordless authentication, advancing Zero Trust maturity, and improving convenience by allowing users to register and authenticate with device-bound passkeys.

The latest milestone in enterprise-ready passwordless authentication

RSA Authenticator V4.5 for iOS and Android supports a device-bound passkey solution built specifically for enterprises demanding the highest levels of security. Unlike synced passkeys, which store credentials (and vulnerabilities) across multiple devices, a device-bound passkey is stored on a single device and never leaves that device, ensuring the highest level of control and security.

Offered through RSA ID® Plus, the RSA Authenticator App is the latest milestone in RSA’s work to remove passwords. In October, RSA released our FIDO-certified hardware authenticator, the RSA iShield Key 2 series, powered by Swissbit. RSA also provides phishing-resistant passwordless security through the RSA DS100 hardware authenticator.

Together, these solutions provide the flexibility and control organizations need to deploy the right MFA based on their specific needs and risks, ensuring the appropriate level of protection for their workforce.

In addition to passkeys, RSA ID Plus supports QR codes, OTP, code matching, Push-To-Approve, biometrics, and FaceID. These diverse options provide the flexibility needed to meet enterprises’ varied security and usability requirements today.

Using the RSA device-bound passkey

The passkey authentication experience with the RSA Authenticator app for iOS and Android is designed to be seamless for end users, making it easy for them to register and authenticate with minimal friction, which in turn supports higher adoption. This ensures that it can be integrated smoothly into any existing IT environment.

“Passkey capability in RSA authenticator app for iOS and Android is the culmination of months of innovation and collaboration,” says JC Laurent, the product manager behind this feature. “Our goal was to build a solution that embodies RSA’s Secure by Design and Secure by Default ethos, offering both unparalleled security and an intuitive user experience. We wanted to create a product that enterprises can trust—where security is uncompromising and integrated into every layer of the solution.”

Meet global passwordless requirements

Any step that organizations can take to reduce their dependency on passwords is a best practice: the misuse of stolen passwords (or phishing, which leads to stolen passwords) tends to be the cause of most data breaches and ransomware.

Because of that, moving to passwordless is, at minimum, a frequent best practice for stopping data breaches. In other cases, it’s a requirement imposed by governing bodies for certain countries or sectors. Fortunately, RSA Authenticator App 4.5, the RSA iShield Key 2 series, and the DS100 can help organizations

  • Australia: The Australian Signals Directorate’s “Essential Eight” includes new guidelines requiring the use of phishing-resistant MFA
  • Brazil: The Central Bank of Brazil (Banco Central Do Brasil) requires financial institutions to implement comprehensive cybersecurity measures, and Resolutions No. 4658 and No. 4893 encourage the adoption of strong authentication mechanisms to mitigate threats to safeguard data confidentiality, integrity and availability
  • Canada: The Canadian Centre for Cyber Security advises organizations to adopt phishing-resistant MFA
  • Healthcare: In the U.S., HIPAA regulations require that organizations keep electronic health records (EHR) secure. In the U.K., the NHS requires MFA to keep patients and their records secure
  • The EU: The European Union’s Network and Information Systems (NIS2) directive requires MFA (article 32). The European Union Agency for Network and Information Security (ENISA) also recommends that organizations implement MFA to meet GDPR regulations. Likewise, the Digital Operational Resilience Act (DORA) article 9d requires strong authentication policies and protocols
  • Mexico: Mexico’s National Banking and Securities Commission (CNBV) requires financial institutions to implement MFA to protect against unauthorized access and fraud
  • Saudi Arabia: The National Cybersecurity Authority (NCA)’s Essential Cybersecurity Controls (ECC) require the use of strong MFA to verify user identities before granting access to systems and data
  • Singapore: Singapore’s Cybersecurity Agency recommends implementing MFA to protect critical information infrastructure
  • U.S. Federal Government: Executive Order 14028, OMB M-22-09, and OMB M-24-14 require federal agencies to implement passwordless, phishing-resistant authentication
  • Financial services: PCI 4.0 requires mandatory MFA for all access to the cardholder data environment, not just admins. It also requires independent authentication factors and resistance to replay attacks

Move toward Zero Trust with phishing-resistant authentication

RSA Authenticator App V4.5 for iOS and Android provides organizations with the passkey capabilities they need to provide users with a secure, phishing-resistant authentication experience. It ensures a consistent user experience across devices and platforms while maintaining an unmatched level of security.

Enterprises focused on achieving Zero Trust optimal level security maturity will find that this new passkey capability addresses key security concerns—such as social engineering and credential phishing—without compromising user experience.

This release also introduces several new features that enhance RSA Authenticator App’s capabilities, including improved administrative controls for easier deployment and enhanced user onboarding experiences. We’ve also added support for more authentication scenarios to ensure that the RSA product offering fits seamlessly into diverse enterprise environments.

Ready to embrace a future without passwords? With general passkey support, we’re turning that vision into reality today.

Learn more about enabling Authenticator App 4.5 for iOS and Android.