One of the great sticking points for creating trust, the foundation of all online activities be they for business or personal reasons and particularly in regard to transactions, is the complexity of authenticating. This means making sure you are who you say you are, the device you are using is yours, and that it is OK for you to interact.
Not only is it complicated, but it is also cumbersome and creates frustrations for the user and IT department alike. In an effort to cut through the clutter and come up with a solution that provides strong authentication, leading Internet companies, systems integrators and security providers have formed the FIDO (Fast IDentity Online) Alliance. This is one to bookmark. It is a potential game-changer in the truest sense of the word.
Image via Shutterstock
Initial members of the group include, Agnitio, Infineon, Lenovo, Nok Nok Labs, PayPal and Validity. And, this is one organization that is not letting the grass grow under its feet. FIDO is actively soliciting membership and is already out with an interesting authentication protocol framework which it hopes to be out with a formal specification by the second half of this year. It is called the Online Security Transaction Protocol (OSTP) which will come with client/server components. It is an ambition to accomplish the vision at work here.
The problem being addressed
As noted in the announcement of the organization and OSTP, the issued being addressed is non-trivial. In essence, this is a path to make multi-factor authentication stronger and transparent to the user that eliminates passwords. Indeed, FIDO is claiming that, “Strong authentication solutions in the marketplace which are used today for secure access and logon to company sites, computing services, intranets, corporate and private networks- devices and trust methods and standards that include biometrics of all types, tokens, webcams, TCP, SAML, Oath, OpenID -- all soon can authenticate users everywhere online and in mobile and enterprise applications, using the open FIDO protocol.”
How OSTP will work is as follows. Information about the device and its authentication capabilities—if it has the Trusted Platform Module chip, webcam, fingerprint reader or other biometrics, or two-factor authentication— is combined with a cryptographic process to create a shared secret between the back-end server and the device. This OSTP-based multi-factor authentication will selectively be invoked voluntarily by the user for security during transactions.
PayPal has been the driving force behind this for obvious reasons, e.g., taking the hassle out of mobile payments. The goal as stated is that, “In an open FIDO world, all authentication methods and devices become compatible and interoperable with each other and with methods and devices to come...Strong authentication solutions in the marketplace which are used today for secure access and logon to company sites, computing services, intranets, corporate and private networks- devices and trust methods and standards that include biometrics of all types, tokens, webcams, TCP, SAML, Oath, OpenID -- all soon can authenticate users everywhere online and in mobile and enterprise applications, using the open FIDO protocol.”
Answering your questions The Alliance has good cause to look at their efforts as a dramatic shift from authentication capabilities that in many instances have been around for years. For those interested, check out their FAQ section, and the demos of FIDO in action. The FIDO Alliance is literally and figuratively banking on this being a case of seeing is believing. They are advising that, “you'll be anxious to bury your passwords and PINs.” I for one certainly would enjoy not having to try and keep all of my passwords up-dated, yet know that I have strong authentication.
The history of our industry is that there have been lots of organizations with great intentions which fall by the wayside as corporate interests dictate whether to go along with the crowd or not. One can only hope that this organization draws a crowd from the industry because there is a much larger crowd that sure could stand a solution to the problem FIDO seems ready to solve.
The USC Shoah Foundation was founded by Steven Spielberg in 1994 to document first-hand accounts of the Holocaust for future generations. Since then, …
Roman Valeryevich Seleznev was sentenced to 27 years in prison last week in the U.S. for stealing millions of credit card details from businesses.
Microsoft gunning for a place in the human capital management sphere with new application, and the addition of Dynamics 365 to LinkedIn.
Intellectual property is considered an intangible asset and can include things like recipe ingredients, articles, logos, and proprietary systems and p…
I've been looking at a lot of the comments on game review articles and forums of late, and gamers appear to be disappointed that the games aren't gett…