HID Enables Enterprise Passkey Governance Without User Friction
Enterprise Attestation in HID Crescendo FIDO authenticators gives organizations policy-level control over which devices can register passkeys — while keeping the user experience unchanged.
Passkeys Strengthen Login Security
HID has announced the availability of Enterprise Attestation in its FIDO authenticator portfolio, including HID Crescendo smart cards and security keys. The capability enables organizations to verify whether a passkey is being registered on a trusted, company-issued authenticator before the credential is accepted.
Passkeys are widely seen as a major step toward phishing-resistant authentication. They verify the user and reduce dependency on passwords. For enterprises, however, one important question remains: Can the organization trust the device that creates the passkey?
Enterprise Attestation Verifies the Device
Enterprise Attestation addresses this challenge. It allows companies to confirm the provenance of an authenticator at the point of enrollment. If the device cannot provide valid attestation data, registration can be blocked automatically by policy. If the device is recognized as company-issued and trusted, the passkey can be registered without additional steps for the user.
This gives security teams greater control over passkey governance, device traceability and authenticator lifecycle management. At the same time, employees continue to use passkeys in the normal way, without changes to the login experience.
Built into HID Crescendo Authenticators
The capability is built into HID’s FIDO2-certified Crescendo authenticators and is supported by identity platforms such as PingOne. It is based on FIDO Alliance standards, including WebAuthn and the Client to Authenticator Protocol (CTAP).
This standards-based approach enables organizations to strengthen authenticator governance without relying on proprietary authentication flows or changing application workflows.
Designed for Regulated Industries and NIS2 Requirements
For regulated sectors such as financial services, healthcare and critical infrastructure, Enterprise Attestation can support requirements around auditability, device provenance and lifecycle control. It also gives organizations operating under security frameworks and regulations such as the EU NIS2 Directive a practical way to strengthen authentication governance at the device level.
In a Zero Trust security model, access decisions should verify not only the user's identity but also the trustworthiness of the device involved. Enterprise Attestation supports this approach by helping organizations ensure that only approved, company-issued authenticators can be used to register passkeys.
Preventing the Use of Unmanaged Authenticators
A typical use case is an organization that wants to restrict passkey registration to approved authenticators. Without Enterprise Attestation, an employee could register a personal security key, even if it is not managed or issued by the company.
With Enterprise Attestation, the system checks whether the authenticator can present a certificate linking it to a known, company-issued device. If this proof is missing or unrecognized, enrollment is blocked.
Global Availability
HID Crescendo authenticators with Enterprise Attestation support are available globally now. Further information is available at: https://www.hidglobal.com/product-mix/crescendo