FIDO (Fast IDentity Online) Alliance Formed: Announces First Open Industry Standard for Online Authentication

By Peter Bernstein February 13, 2013

One of the great sticking points for creating trust, the foundation of all online activities be they for business or personal reasons and particularly in regard to transactions, is the complexity of authenticating. This means making sure you are who you say you are, the device you are using is yours, and that it is OK for you to interact.

Not only is it complicated, but it is also cumbersome and creates frustrations for the user and IT department alike. In an effort to cut through the clutter and come up with a solution that provides strong authentication, leading Internet companies, systems integrators and security providers have formed the FIDO (Fast IDentity Online) Alliance.  This is one to bookmark. It is a potential game-changer in the truest sense of the word.


Image via Shutterstock

Initial members of the group include, Agnitio, Infineon, Lenovo, Nok Nok Labs, PayPal and Validity. And, this is one organization that is not letting the grass grow under its feet. FIDO is actively soliciting membership and is already out with an interesting authentication protocol framework which it hopes to be out with a formal specification by the second half of this year. It is called the Online Security Transaction Protocol (OSTP) which will come with client/server components. It is an ambition to accomplish the vision at work here.

The problem being addressed

As noted in the announcement of the organization and OSTP, the issued being addressed is non-trivial. In essence, this is a path to make multi-factor authentication stronger and transparent to the user that eliminates passwords. Indeed, FIDO is claiming that, “Strong authentication solutions in the marketplace which are used today for secure access and logon to company sites, computing services, intranets, corporate and private networks- devices and trust methods and standards that include biometrics of all types, tokens, webcams, TCP, SAML, Oath, OpenID -- all soon can authenticate users everywhere online and in mobile and enterprise applications, using the open FIDO protocol.”

How OSTP will work is as follows. Information about the device and its authentication capabilities—if it has the Trusted Platform Module chip, webcam, fingerprint reader or other biometrics, or two-factor authentication— is combined with a cryptographic process to create a shared secret between the back-end server and the device. This OSTP-based multi-factor authentication will selectively be invoked voluntarily by the user for security during transactions.

PayPal has been the driving force behind this for obvious reasons, e.g., taking the hassle out of mobile payments. The goal as stated is that, “In an open FIDO world, all authentication methods and devices become compatible and interoperable with each other and with methods and devices to come...Strong authentication solutions in the marketplace which are used today for secure access and logon to company sites, computing services, intranets, corporate and private networks- devices and trust methods and standards that include biometrics of all types, tokens, webcams, TCP, SAML, Oath, OpenID -- all soon can authenticate users everywhere online and in mobile and enterprise applications, using the open FIDO protocol.”

Answering your questions The Alliance has good cause to look at their efforts as a dramatic shift from authentication capabilities that in many instances have been around for years. For those interested, check out their FAQ section, and the demos of FIDO in action.  The FIDO Alliance is literally and figuratively banking on this being a case of seeing is believing. They are advising that, “you'll be anxious to bury your passwords and PINs.” I for one certainly would enjoy not having to try and keep all of my passwords up-dated, yet know that I have strong authentication.

The history of our industry is that there have been lots of organizations with great intentions which fall by the wayside as corporate interests dictate whether to go along with the crowd or not. One can only hope that this organization draws a crowd from the industry because there is a much larger crowd that sure could stand a solution to the problem FIDO seems ready to solve.




Edited by Brooke Neuman
SHARE THIS ARTICLE
Related Articles

Post 'Clintongate': 3 Ways to Mitigate Shadow IT

By: TMCnet Special Guest    4/1/2015

What can enterprises learn from 'Clintongate'? The first lesson is that unapproved use of technology within organizations is known as "shadow IT," and…

Read More

President Obama Details Better Protection Against Cyber Threats

By: Steve Anderson    4/1/2015

Cyber threats present some of the most dangerous scenarios that can be endured by any person, or by any nation. Why? Because the threats not only rend…

Read More

Chrome OS Gets Major Push from Google

By: Joe Rizzo    4/1/2015

Android, Google's mobile operating system and Apple's iOS have about the same market share in the U.S., however in emerging regions, Android is poised…

Read More

Final Four Tips for Password Security

By: Peter Bernstein    4/1/2015

If you are like most people in the U.S. the past few weeks, you have been caught up in what is known here as "March Madness." This is the annual ritua…

Read More

Surface 3: Third Time's A Charm

By: Rob Enderle    3/31/2015

You can also update hardware with the new operating system and even though Surface sells initially with Windows 8 it will get an update to Windows 10 …

Read More