SendQuick says its Conexa authentication platform has achieved FIDO2 server certification from the FIDO Alliance, a milestone the company claims will help enterprises cut password risk with phishing‑resistant, standards‑based sign‑ins. While this announcement signals a strategic shift toward passwordless authentication in complex Windows and hybrid environments, the FIDO Alliance’s public Certified Products Directory did not yet show a Conexa listing at time of publication; we’ll update this story when it appears. (fidoalliance.org)
The FIDO2 family of specifications (W3C WebAuthn and CTAP) replaces shared secrets with public‑key cryptography, enabling strong, phishing‑resistant authentication via passkeys, platform biometrics, and hardware security keys. U.S. government guidance underscores why this matters: NIST’s Digital Identity Guidelines define phishing resistance and explicitly note that OTPs (including SMS and email) are not phishing‑resistant because their codes can be relayed, while FIDO‑style cryptographic authenticators are. CISA, referencing OMB M‑22‑09, similarly recognizes FIDO2/WebAuthn as phishing‑resistant and suitable for zero‑trust programs. (pages.nist.gov, cisa.gov)
Government playbooks now provide step‑by‑step roadmaps to pilot phishing‑resistant authenticators, reflecting the growing maturity of deployments across public and private sectors. That momentum dovetails with the broader passkey push across major platforms. (idmanagement.gov)
Redmond’s continued investments in passkeys and a modernized Windows Hello UI further streamline passwordless adoption on Windows 11—one reason many enterprises are accelerating FIDO2 pilots tied to device and identity modernization. (theverge.com)
Source: businessnewsthisweek.com SendQuick Conexa Achieves FIDO2 Certification, Helping Enterprises Eliminate Password Risks
Background
The FIDO2 family of specifications (W3C WebAuthn and CTAP) replaces shared secrets with public‑key cryptography, enabling strong, phishing‑resistant authentication via passkeys, platform biometrics, and hardware security keys. U.S. government guidance underscores why this matters: NIST’s Digital Identity Guidelines define phishing resistance and explicitly note that OTPs (including SMS and email) are not phishing‑resistant because their codes can be relayed, while FIDO‑style cryptographic authenticators are. CISA, referencing OMB M‑22‑09, similarly recognizes FIDO2/WebAuthn as phishing‑resistant and suitable for zero‑trust programs. (pages.nist.gov, cisa.gov)Government playbooks now provide step‑by‑step roadmaps to pilot phishing‑resistant authenticators, reflecting the growing maturity of deployments across public and private sectors. That momentum dovetails with the broader passkey push across major platforms. (idmanagement.gov)
What’s new in SendQuick Conexa
SendQuick positions Conexa as a flexible MFA and passwordless platform with multiple deployment models and integrations that appeal to Windows admins:- Supports FIDO2 options (passkeys/biometric sign‑ins and hardware security keys) alongside legacy factors. (sendquick.com)
- Delivers OTP via SMS and email and across collaboration channels (e.g., Microsoft Teams), plus soft/hard tokens and push—useful for transitional journeys even if not phishing‑resistant. (sendquick.com)
- Acts as an on‑prem appliance, cloud, or VM, with built‑in RADIUS and SAML identity provider to slot into SSL VPNs and directory services. (sendquick.com)
- Provides documented integrations with major network stacks (e.g., Fortinet FortiGate via RADIUS/SAML), easing rollout in existing remote‑access paths. (sendquick.com)
Why this matters to Windows environments
Microsoft now enables organizations to sign in to Windows 10/11 and Microsoft Entra ID with FIDO2 security keys and passkeys, reducing reliance on passwords and MFA codes susceptible to phishing. In practice, enabling FIDO2 security keys for Windows sign‑in can be done via Intune, provisioning packages, or Group Policy, complementing Windows Hello and modern passkey experiences. (learn.microsoft.com)Redmond’s continued investments in passkeys and a modernized Windows Hello UI further streamline passwordless adoption on Windows 11—one reason many enterprises are accelerating FIDO2 pilots tied to device and identity modernization. (theverge.com)
How it compares: certified FIDO2 servers
If Conexa’s FIDO2 server certification is confirmed in the FIDO directory, it would join an established field that includes Nok Nok’s S3 Authentication Suite (among the earliest certified), StrongKey’s open‑source FIDO2 server, and i‑Sprint’s AccessMatrix UAS. This context matters for buyers who must validate interoperability and certification pedigree across authenticators, browsers, and operating systems. (noknok.com, solutions.strongkey.com, i-sprint.com)Strengths
- Windows‑centric integration: Built‑in Windows login support, plus RADIUS/SAML for VPNs and legacy stacks, speaks directly to real‑world enterprise topologies. (sendquick.com)
- Flexible deployment: Appliance, cloud, and VM options let teams choose on‑prem isolation or cloud agility without re‑architecting identity flows. (sendquick.com)
- Gradual migration path: Coexisting FIDO2 and traditional factors support phased passwordless rollouts while maintaining business continuity. (sendquick.com)
Potential risks and watch‑outs
- Verification pending: As of publishing, we could not independently locate Conexa’s FIDO2 server listing in the FIDO Alliance directory. Enterprises should request the certification ID and verify it in the official database before procurement. (fidoalliance.org)
- Legacy factor exposure: OTP via SMS/email and other user‑entered codes remain vulnerable to relay and phishing attacks; prioritize FIDO2/passkeys for high‑risk access. (pages.nist.gov)
- Operational complexity: Blending VPN, device, and identity modernization (Windows Hello, Entra ID, legacy apps) requires careful staging and policy alignment to avoid user friction. (learn.microsoft.com)
Implementation playbook for Windows shops
- Define target use cases and assurance levels (workstation unlocks, VPN, admin access) and map them to phishing‑resistant methods first. (cisa.gov)
- Stand up a FIDO2 server (e.g., Conexa) in a pilot enclave; verify certification details and authenticator interoperability at the outset. (fidoalliance.org)
- Enable FIDO2 security key and passkey sign‑in for Windows 10/11 via Intune/Group Policy; pair with Windows Hello where appropriate. (learn.microsoft.com)
- Integrate RADIUS/SAML flows for SSL VPNs and remote access gateways; start with a single vendor integration (e.g., FortiGate) before expanding. (sendquick.com)
- Retire non‑phishing‑resistant factors in phases, beginning with privileged users and high‑value applications. (pages.nist.gov)
The bottom line
If independently verified, FIDO2 server certification would mark a meaningful evolution of SendQuick Conexa from multi‑channel MFA to a standards‑aligned, phishing‑resistant platform suited to Windows‑heavy enterprises. Even before the directory listing appears, Conexa’s RADIUS/SAML breadth, Windows login hooks, and VPN integration guides give IT teams practical tools to accelerate passwordless authentication—so long as deployments prioritize FIDO2/passkeys over legacy OTPs and follow zero‑trust guidance. For Windows admins, this is another sign that passwordless authentication is not just viable—it’s fast becoming table stakes. (sendquick.com, learn.microsoft.com, cisa.gov)Source: businessnewsthisweek.com SendQuick Conexa Achieves FIDO2 Certification, Helping Enterprises Eliminate Password Risks
