Back in February of this year, I wrote about the creation of the FIDO Alliance (Fast Identity Online). It was observed at that time that this was one group to really keep an eye on. An industry consortium dedicated to revolutionizing online authentication with the first standards-based open specifications for overcoming password dependency with universal strong authentication, FIDO has lived up to expectations.
The FIDO Alliance has announced that in just two short months it has:
“We are very pleased to count these outstanding global leaders among the ranks of the FIDO Alliance,” said Michael Barrett, FIDO Alliance president and PayPal (News - Alert) Chief Information Security Officer (CISO). “FIDO is compelling to those who can lead and affect change, because the open FIDO specifications promise to restore trust with stronger security that also simplifies the user experience and ensures privacy. By overcoming the limits of proprietary authentication methods, FIDO opens up a vast marketplace for strong authentication where FIDO enabled devices and services interoperate. We encourage all who require secure user authentication, and those who provide various methodologies to join us on a very fast track to FIDO universal strong authentication.”
FIDO Alliance VP and founder of Nok Nok Labs Ramesh Kesanupalli added that, “The momentum achieved by the FIDO Alliance since our public launch in February is impressive and speaks to the unanswered need in the marketplace for open, interoperable strong authentication. Google brings insights to implementing strong authentication at scale and illustrates how to bring pioneering research and initiatives into the FIDO Alliance.”
"Joining the FIDO Alliance is a great way to increase industry momentum around open standards for strong authentication," says Sam Srinivas, Product Management Director for Information Security at Google and FIDO Alliance Board Member. "We look forward to continuing our current development work on strong, universal second-factor tokens as part of a new FIDO Alliance working group."
For those unfamiliar with the open FIDO specifications, they are designed to support a full range of authentication technologies, including:
In addition, FIDO is dedicated to making sure the open specifications are extensible and can accommodate future innovation, as well as protect existing investments. The FIDO specifications allow the interaction of technologies within a single infrastructure, enabling security options to be tailored to the distinct needs of each user and organization.
“The need for universal strong authentication has reached a tipping point,” said Sebastien Taveau, FIDO technology working group chair and CTO of Validity Sensors, Inc. “And the support of the many FIDO Alliance members will ensure the rapid global adoption of an interoperable standard that protects the consumer’s many online identities.”
It is not too late to get in on the early FIDO activities. Its next member-only meeting will be in the San Francisco Bay Area May 13-16. Members will be engaged in defining market requirements, contributing to the FIDO specifications and be part of the ecosystem that will address the broad range of use cases and technologies.
One need glance no further than the daily news to resonate with the Taveau observation that we have reached a “tipping point.” Whether involved in online activities in our personal or business persona, the cumbersomeness of using and changing passwords, and the susceptibility of them to exploits by those with malicious intent are either self-evident or we have already been victims. What the FIDO Alliance is bringing to the table is the opportunity to not just improve the customer experience with something that is easy to use, but also provides a level of security that will be an exponential upgrade.
In fact, at the end of the day, what the FIDO Alliance will ultimately deliver is something of significant and sustainable value for individual end users as well as enterprise IT professionals. In three words, “Peace of Mind.” If you are in this space, even if you are a supplier of existing authentication technology, you should as I said back in February pay close attention and consider joining in some capacity. The interesting thing about tipping points is that eventually they fall in a certain direction. And, with all of the current concerns about online security, strong authentication that is easy to implement and administrate is a direction the industry is more than leaning toward.