Categories: SecurityWorkspace

FIDO Standard Aims To Eliminate Passwords

An industry consortium that aims to establish online standards for two-factor and biometric authentication has released the first draft of its technical specifications.

The Fast Identity Online (FIDO) Alliance published a draft of its technical document on 11 February to allow nonmember companies to check out the specifications and develop products without actually joining the alliance.

Exchanging of authentication information

The FIDO Alliance aims to establish a common way for products and service providers to exchange authentication information, allowing customers to use a smartphone, USB token or some other device as security token.

If developers widely adopt the specification, it could allow consumers and workers to reduce their reliance on passwords, Phil Dunkelberger, chief executive of Nok Nok Labs, an authentication provider and a founding member of the FIDO Alliance, told eWEEK. A biometric, such as a picture or a thumbprint, could be used instead of a username-password combination, or a device or code could be added to a username and password to make the combination more secure.

“The specification is designed to allow you to use whatever you have in your hand as a second factor of authentication,” Dunkelberger said. “It allows you to use something you already have without forcing you to use something new.”

The open specification calls for two methods of improving authentication for users online. The first, known as the universal second factor (U2F), lets a service provider give users the ability to use any device, token or passcode generator as a second factor to strengthen authentication. The second method, known as the universal authentication framework (UAF), gives users the ability to register their device and use a biometric or other method to log into a web service.

Partner support

With either of the techniques, the collaboration among services and security firms promises to weaken online providers’ reliance on usernames and passwords, according to member companies.

“It is incumbent upon enterprise IT to begin moving away from the world of basic username/password authentication, and we are excited to join the FIDO Alliance in shaping the future of strong authentication,” said Mike D. Kail, vice president of IT Operations with Netflix, which recently joined the alliance.

Companies have already begun supporting the specification. Nok Nok Labs, a founding member of FIDO Alliance, announced the release of a server and desktop and mobile clients that allow a customer to use their mobile device or another computer to log into a service. The service provider can specify the strength of the authentication and support new and innovative forms of identity verification, Dunkelberger said.

Nok Nok estimates that between 200 million and 400 million users could be using this new authentication framework within the next 18 months. Because the specification calls for service providers to store authentication keys rather than passwords, the FIDO specification would limit the damage if a supporting online service was compromised.

Do you know all about Edward Snowden And the NSA? Take our quiz.

Originally published on eWeek.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

8 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

9 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

9 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

11 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

14 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

14 hours ago