FIDO (Fast IDentity Online) Alliance Formed: Announces First Open Industry Standard for Online Authentication

By Peter Bernstein February 13, 2013

One of the great sticking points for creating trust, the foundation of all online activities be they for business or personal reasons and particularly in regard to transactions, is the complexity of authenticating. This means making sure you are who you say you are, the device you are using is yours, and that it is OK for you to interact.

Not only is it complicated, but it is also cumbersome and creates frustrations for the user and IT department alike. In an effort to cut through the clutter and come up with a solution that provides strong authentication, leading Internet companies, systems integrators and security providers have formed the FIDO (Fast IDentity Online) Alliance.  This is one to bookmark. It is a potential game-changer in the truest sense of the word.


Image via Shutterstock

Initial members of the group include, Agnitio, Infineon, Lenovo, Nok Nok Labs, PayPal and Validity. And, this is one organization that is not letting the grass grow under its feet. FIDO is actively soliciting membership and is already out with an interesting authentication protocol framework which it hopes to be out with a formal specification by the second half of this year. It is called the Online Security Transaction Protocol (OSTP) which will come with client/server components. It is an ambition to accomplish the vision at work here.

The problem being addressed

As noted in the announcement of the organization and OSTP, the issued being addressed is non-trivial. In essence, this is a path to make multi-factor authentication stronger and transparent to the user that eliminates passwords. Indeed, FIDO is claiming that, “Strong authentication solutions in the marketplace which are used today for secure access and logon to company sites, computing services, intranets, corporate and private networks- devices and trust methods and standards that include biometrics of all types, tokens, webcams, TCP, SAML, Oath, OpenID -- all soon can authenticate users everywhere online and in mobile and enterprise applications, using the open FIDO protocol.”

How OSTP will work is as follows. Information about the device and its authentication capabilities—if it has the Trusted Platform Module chip, webcam, fingerprint reader or other biometrics, or two-factor authentication— is combined with a cryptographic process to create a shared secret between the back-end server and the device. This OSTP-based multi-factor authentication will selectively be invoked voluntarily by the user for security during transactions.

PayPal has been the driving force behind this for obvious reasons, e.g., taking the hassle out of mobile payments. The goal as stated is that, “In an open FIDO world, all authentication methods and devices become compatible and interoperable with each other and with methods and devices to come...Strong authentication solutions in the marketplace which are used today for secure access and logon to company sites, computing services, intranets, corporate and private networks- devices and trust methods and standards that include biometrics of all types, tokens, webcams, TCP, SAML, Oath, OpenID -- all soon can authenticate users everywhere online and in mobile and enterprise applications, using the open FIDO protocol.”

Answering your questions The Alliance has good cause to look at their efforts as a dramatic shift from authentication capabilities that in many instances have been around for years. For those interested, check out their FAQ section, and the demos of FIDO in action.  The FIDO Alliance is literally and figuratively banking on this being a case of seeing is believing. They are advising that, “you'll be anxious to bury your passwords and PINs.” I for one certainly would enjoy not having to try and keep all of my passwords up-dated, yet know that I have strong authentication.

The history of our industry is that there have been lots of organizations with great intentions which fall by the wayside as corporate interests dictate whether to go along with the crowd or not. One can only hope that this organization draws a crowd from the industry because there is a much larger crowd that sure could stand a solution to the problem FIDO seems ready to solve.




Edited by Brooke Neuman
SHARE THIS ARTICLE
Related Articles

Avaya Files Chapter 11, Plans Restructuring

By: Steve Anderson    1/20/2017

Avaya turns to Chapter 11 bankruptcy in a bid to make some key changes and attempt to recover for the future.

Read More

Reports of the Death of the Deskphone are Premature; Allworx Says We're on the Verge of a Deskphone Revolution

By: Erik Linask    1/19/2017

We've heard commentary about the death of the deskphone for several years now. Yet, if you look on most corporate desktops, you'll still find one. The…

Read More

Microsoft Makes AI Moves in Montreal

By: Alicia Young    1/19/2017

Recently, Microsoft has shown a growing interest in Montreal's booming artificial intelligence (AI) presence. This has spurred a series of acquisition…

Read More

What to Do About Netflix Shares

By: Steve Anderson    1/19/2017

Netflix has destroyed all estimates about its share prices, but how should investors respond?

Read More

The End of Work as We Know It: 6 Big Predictions for 2017

By: Farrell Hough    1/19/2017

The future of work in 2017 and beyond will center on using increasingly capable technologies to improve our productivity to the point where we can foc…

Read More