Categories: SecurityWorkspace

FIDO Standard Aims To Eliminate Passwords

An industry consortium that aims to establish online standards for two-factor and biometric authentication has released the first draft of its technical specifications.

The Fast Identity Online (FIDO) Alliance published a draft of its technical document on 11 February to allow nonmember companies to check out the specifications and develop products without actually joining the alliance.

Exchanging of authentication information

The FIDO Alliance aims to establish a common way for products and service providers to exchange authentication information, allowing customers to use a smartphone, USB token or some other device as security token.

If developers widely adopt the specification, it could allow consumers and workers to reduce their reliance on passwords, Phil Dunkelberger, chief executive of Nok Nok Labs, an authentication provider and a founding member of the FIDO Alliance, told eWEEK. A biometric, such as a picture or a thumbprint, could be used instead of a username-password combination, or a device or code could be added to a username and password to make the combination more secure.

“The specification is designed to allow you to use whatever you have in your hand as a second factor of authentication,” Dunkelberger said. “It allows you to use something you already have without forcing you to use something new.”

The open specification calls for two methods of improving authentication for users online. The first, known as the universal second factor (U2F), lets a service provider give users the ability to use any device, token or passcode generator as a second factor to strengthen authentication. The second method, known as the universal authentication framework (UAF), gives users the ability to register their device and use a biometric or other method to log into a web service.

Partner support

With either of the techniques, the collaboration among services and security firms promises to weaken online providers’ reliance on usernames and passwords, according to member companies.

“It is incumbent upon enterprise IT to begin moving away from the world of basic username/password authentication, and we are excited to join the FIDO Alliance in shaping the future of strong authentication,” said Mike D. Kail, vice president of IT Operations with Netflix, which recently joined the alliance.

Companies have already begun supporting the specification. Nok Nok Labs, a founding member of FIDO Alliance, announced the release of a server and desktop and mobile clients that allow a customer to use their mobile device or another computer to log into a service. The service provider can specify the strength of the authentication and support new and innovative forms of identity verification, Dunkelberger said.

Nok Nok estimates that between 200 million and 400 million users could be using this new authentication framework within the next 18 months. Because the specification calls for service providers to store authentication keys rather than passwords, the FIDO specification would limit the damage if a supporting online service was compromised.

Do you know all about Edward Snowden And the NSA? Take our quiz.

Originally published on eWeek.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago