As FIDO Alliance-based protocols start entering the mainstream, companies will be faced with the dilemma of what to do with the millions of web applications that still use passwords for authentication. These legacy applications become vulnerable as sites and web applications enable FIDO. This session will discuss strategies on how to address this problem, based on work done with US NIST.Learning Objectives:1: Obtain a quick understanding of FIDO strong-authentication protocols.2: Learn about the NIST reference architecture for Mobile SSO.3: Learn about the FIDO Gateway architecture for SSO.