FIDO (Fast IDentity Online) Alliance Formed: Announces First Open Industry Standard for Online Authentication

By Peter Bernstein February 13, 2013

One of the great sticking points for creating trust, the foundation of all online activities be they for business or personal reasons and particularly in regard to transactions, is the complexity of authenticating. This means making sure you are who you say you are, the device you are using is yours, and that it is OK for you to interact.

Not only is it complicated, but it is also cumbersome and creates frustrations for the user and IT department alike. In an effort to cut through the clutter and come up with a solution that provides strong authentication, leading Internet companies, systems integrators and security providers have formed the FIDO (Fast IDentity Online) Alliance.  This is one to bookmark. It is a potential game-changer in the truest sense of the word.


Image via Shutterstock

Initial members of the group include, Agnitio, Infineon, Lenovo, Nok Nok Labs, PayPal and Validity. And, this is one organization that is not letting the grass grow under its feet. FIDO is actively soliciting membership and is already out with an interesting authentication protocol framework which it hopes to be out with a formal specification by the second half of this year. It is called the Online Security Transaction Protocol (OSTP) which will come with client/server components. It is an ambition to accomplish the vision at work here.

The problem being addressed

As noted in the announcement of the organization and OSTP, the issued being addressed is non-trivial. In essence, this is a path to make multi-factor authentication stronger and transparent to the user that eliminates passwords. Indeed, FIDO is claiming that, “Strong authentication solutions in the marketplace which are used today for secure access and logon to company sites, computing services, intranets, corporate and private networks- devices and trust methods and standards that include biometrics of all types, tokens, webcams, TCP, SAML, Oath, OpenID -- all soon can authenticate users everywhere online and in mobile and enterprise applications, using the open FIDO protocol.”

How OSTP will work is as follows. Information about the device and its authentication capabilities—if it has the Trusted Platform Module chip, webcam, fingerprint reader or other biometrics, or two-factor authentication— is combined with a cryptographic process to create a shared secret between the back-end server and the device. This OSTP-based multi-factor authentication will selectively be invoked voluntarily by the user for security during transactions.

PayPal has been the driving force behind this for obvious reasons, e.g., taking the hassle out of mobile payments. The goal as stated is that, “In an open FIDO world, all authentication methods and devices become compatible and interoperable with each other and with methods and devices to come...Strong authentication solutions in the marketplace which are used today for secure access and logon to company sites, computing services, intranets, corporate and private networks- devices and trust methods and standards that include biometrics of all types, tokens, webcams, TCP, SAML, Oath, OpenID -- all soon can authenticate users everywhere online and in mobile and enterprise applications, using the open FIDO protocol.”

Answering your questions The Alliance has good cause to look at their efforts as a dramatic shift from authentication capabilities that in many instances have been around for years. For those interested, check out their FAQ section, and the demos of FIDO in action.  The FIDO Alliance is literally and figuratively banking on this being a case of seeing is believing. They are advising that, “you'll be anxious to bury your passwords and PINs.” I for one certainly would enjoy not having to try and keep all of my passwords up-dated, yet know that I have strong authentication.

The history of our industry is that there have been lots of organizations with great intentions which fall by the wayside as corporate interests dictate whether to go along with the crowd or not. One can only hope that this organization draws a crowd from the industry because there is a much larger crowd that sure could stand a solution to the problem FIDO seems ready to solve.




Edited by Brooke Neuman
SHARE THIS ARTICLE
Related Articles

Facebook Closes 50 Million Dollar Deal for Live Streaming

By: Andrew Bindelglass    6/24/2016

Facebook seems like it is ready to launch a fledgling version of Facebook Live in the near future, Osofsky said. "We have an early beta programm for a…

Read More

Twilio IPO: Bellwether or Blip for the API Business?

By: Doug Mohney    6/23/2016

San Francisco-based Twilio counts Uber, Open Table, and Nordstrom among its customers. In 2015, the company's revenues were around $167 million with a…

Read More

Brexit: The Whole World is Watching! Including Tech

By: Peter Bernstein    6/20/2016

It is hard to imagine a vote on something- even for those of us in the U.S. consumed and amazed by the daily barrage of presidential election year pol…

Read More

How Steve Jobs Would Fix Apple

By: Rob Enderle    6/20/2016

It is hard to see Apple in trouble. It has massive reserves and remains one of the most powerful brands in the market, yet every week seems to contain…

Read More

Twitter Invests $70M in SoundCloud

By: Andrew Bindelglass    6/16/2016

It seems that SoundCloud sees much of the benefit in this partnership with Twitter in the rollout of their new subscription service that is meant to s…

Read More