FIDO Alliance Releases Authentication Specs for First Public Review

By Peter Bernstein February 12, 2014

The consensus in the security industry for some time has been that, because of virtualization, the cloud, mobility and BYOD in the enterprise, authentication/identity is the new perimeter. Unfortunately, as a result of the explosion in vectors of vulnerability and the sophistication of those with malicious intent, the barbarians, as the headlines shout almost daily, are no longer at the gate but have figured out how to storm it or get around it. That is why so much attention has been paid to stronger authentication technologies.

The FIDO Alliance (Fast IDentity Online Alliance), an open industry consortium delivering standards for simpler, stronger authentication, has been working on standards that make it easier for all of us to access what we need securely, and has announced a milestone with the release of its first public review draft technology specifications.

Collaboratively developed by some of the marquee info-tech companies in the world, the specs are designed to enable simpler, stronger authentication to scale in the market. FIDO standards address industry and consumer pain points by ensuring that users and online service providers have a variety of choices to select from when adopting simpler, stronger authentication alternatives to today's prevailing reliance on single-factor passwords.

A huge challenge

There is ample context for just how important this effort is. For example, as FIDO points out:

  • The Q1 2013 Forrester Wave™: Enterprise Fraud Management asserts the online services industry is seeing upwards of $200B in annual losses from password breaches and related hacks that exploit the vulnerabilities inherent in single-factor password systems.
  • The Verizon 2013 Network Investigations Data Breach Report found that 76 percent of network intrusions exploit weak or stolen credentials.
  • Gartner has highlighted that 20 to 50 percent of all help desk calls are for password resets, and Forrester Research estimates help desk labor cost at $70 per password reset.
  • In Mobile Consumer Insights, Jumio reports that 68 percent of smartphone and tablet owners have attempted to make purchases on their device. Due to problems during the payment process, 66 percent of that group abandoned transactions, and 47 percent of these said they abandoned transactions that took too long.

FIDO, in part in celebration of its first-year anniversary, says the release of its specifications “demonstrates momentum that attests to pent-up demand for simpler, stronger authentication that must scale, as only open industry standards can deliver.”

“It is with pride that the FIDO Alliance releases the review draft specifications to the public today, before our first anniversary of starting the long overdue revolution in authentication. Congratulations to our members for their insights, expertise, and tireless dedication to delivering better authentication that is more secure, private and easier-to-use than prevailing password schemas,” said FIDO Alliance president, Michael Barrett. “With today’s public release of the review draft specifications, we especially welcome and anticipate new types of members coming from various enterprises. Furthermore, we encourage Relying Parties to begin testing their unique FIDO authentication needs with the commercial solutions already available from many FIDO member companies.”

In addition to the release for review of the specifications, FIDO also revealed that its membership is approaching 100 strong, with Aetna, ARM, Dell, Discretix, IdentityX, Netflix, Next Biometrics, Oesterreichische Staatsdruckerei GmbH, Salesforce, SafeNet, Sonavation, STMicroelectronics, and Wave Systems being among the most recent companies to join as Sponsor members of the Alliance.

The specifications are device-centric

As FIDO explains, the new specifications emphasize a device-centric model that reflects the Alliance's dedication to usability, privacy and security. FIDO specifications will support a full range of authentication technologies, including:

  • Biometrics such as fingerprint and iris scanners
  • Voice and facial recognition

The specifications will also further enable existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC).

They allow device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. In addition, the FIDO specifications complement and add value to identity federation. It should also be noted that, in conjunction with the specifications, the FIDO Alliance has also published a reference whitepaper.

If you are looking to kick the tires of FIDO Ready products, they will be on display at this month’s Mobile World Congress 2014 (MWC 2014), RSA Security Conference and FIDO Public Forum Event in Palo Alto, California.

As I have noted in previous articles on the work being done by FIDO, the traction they have gotten is impressive. They have demonstrated an ability unlike many other industry groups to move fast. In an era where speed has become critical, especially when it comes to providing security, it is why they are an organization to keep a close watch on.




Edited by Ryan Sartor