Mountain View, CA, 11 Dec 2014
The FIDO (Fast IDentity Online) Alliance (https://www.fidoalliance.org/), an open industry consortium delivering standards for simpler, stronger authentication, today published the final 1.0 drafts of its two specifications - Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).
Members of the FIDO Alliance comprise device manufacturers, online service providers and enterprises, who can now implement and broadly commercialise FIDO 1.0 specifications to make authentication simpler and stronger for all.
"Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die," said Michael Barrett, president of the FIDO Alliance. "FIDO Alliance pioneers can forever lay claim to ushering in the 'post password' era, which is already revealing new dimensions in Internet services and digital commerce."
According to Verizon's Data Breach Investigations Report, weak or stolen login credentials were a factor in more than 76% of the breaches analysed. Along with Verizon, Ponemon Research and PwC report that the volume and severity of data breaches is continuing to rise, with centralised datasets of personal and sensitive information being the most targeted and the most vulnerable to scaled attacks.
Responding to the risk and loss perpetuated by prevailing password systems, FIDO specifications define an open, scalable, interoperable set of strong authentication mechanisms that reduce the reliance on single-factor username and password login.
The specifications outline a new standard for devices, servers and client software, including browsers, browser plug-ins and native app subsystems. Any Web site or cloud application can interface with a broad variety of existing and future FIDO-enabled authenticators, ranging from biometrics to hardware tokens, to be used by consumers, enterprises, service providers, governments and organisations of all types.
Keeping with the FIDO Alliance mission, both specifications are unencumbered by FIDO member patents. Members are free to implement and market solutions around FIDO-enabled strong authentication, and non-members are free to deploy those solutions. As previously announced, current implementations available in the market include those from Nok Nok Labs, Synaptics, Alibaba, PayPal, Samsung, Google, Yubico and Plug-Up.
While the core 1.0 specifications are final, the FIDO Alliance is nearing completion of extensions that will incorporate Near Field Communications (NFC) and Bluetooth into the range of FIDO capabilities. Continuing evolution of the specifications based on new requirements and/or deployment experience will help ensure ongoing alignment of FIDO standards with demands in the consumer devices, online services and enterprise markets.
"The fact that the FIDO Alliance was able to develop complete specifications so quickly and with such broad support is evidence that it is tackling a pervasive industry pain point," said Steve Wilson, Vice-President and Principal Consultant at Constellation Research. "No consortium in the identity management (IDM) industry has ever grown so fast, with such strong representation from the technology buy side. What's most impressive is the FIDO Alliance's focus on the authentication plumbing. The protocols enable trusted client devices to trade just the right data about their users. FIDO specifications aren't tangled up in messy identity policy decisions. It's an elegant breakthrough, and, going forward, it should drive a lot of the classic complexity out of the IDM space."
"Our members' determination, co-operation and tireless perseverance have delivered this landmark accomplishment in less than two years from announcing the FIDO Alliance and its goal to develop industry open standards for interoperable, privacy-respecting strong authentication," said Brett McDowell, executive director of the FIDO Alliance. "I applaud and congratulate the members of the FIDO Alliance on these accomplishments, and look forward to our continued collective effort to bring FIDO-enabled experiences to the global marketplace in 2015 and beyond."
Share