Authentication board the FIDO Alliance has launched its first public review draft specifications for the delivery of standards for simpler and stronger authentication.
Emphasising a device-centric model that reflects the Alliance’s dedication to usability, privacy and security, it bolsters the board’s principle of simplified but secure login. Its concept is to allow a user to login to an application using an approved and standard method, using a user’s account identifier which is verified with a stored public key.
FIDO standards address industry and consumer pain points by ensuring that users and online service providers have a variety of choices to select from when adopting simpler, stronger authentication alternatives to today’s prevailing reliance on single-factor passwords.
FIDO specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as further enable existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC).
FIDO Alliance board member Phil Dunkelberger told IT Security Guru that the problem of username/password is that it is “years old”, while certificates were even older; yet both were used in the modern internet. “The Alliance believes in an ecosystem that can be built and there is massive growth in this idea. The technology is moving on and this is all coming together to get things moving forward,” he said.
“What FIDO has done is designed to make authentication hard by not relying on username and password and making it harder to beat. Now we need to raise the cost of implementation for multi-factor authentication. FIDO makes devices more usable as you can swipe a finger and do what you want to do every day with an ATM.”
FIDO Alliance president Michael Barrett, said: “It is with pride that the FIDO Alliance releases the review draft specifications to the public today, before our first anniversary of starting the long overdue revolution in authentication. Congratulations to our members for their insights, expertise, and tireless dedication to delivering better authentication that is more secure, private and easier-to-use than prevailing password schemas.
“With today’s public release of the review draft specifications, we especially welcome and anticipate new types of members coming from various enterprises. Furthermore, we encourage Relying Parties to begin testing their unique FIDO authentication needs with the commercial solutions already available from many FIDO member companies.”
The FIDO Alliance also announced that its membership has increased from six to close to 100 member companies, including BlackBerry, Google, Lenovo, Dell, Microsoft, RSA, Netflix and ARM.
“We are excited to join the FIDO Alliance in shaping the future of strong authentication,” said Mike D. Kail, vice president of IT operations at Netflix. “We look forward to collaborating with various sectors and industry experts and contributing experience and guidance on best security and authentication practices for Enterprise IT.”
