Tuesday , November 26, 2024

The FIDO Alliance Releases Version 1 of Its Post-Password Online Authentication Standard

The Fast IDentity Online (FIDO) Alliance, a non-profit with more than 150 members in banking, payments, technology, and other industries, on Tuesday published its first standard for a better system of online authentication than the common but vulnerable user name and password.

“Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die,” Michael Barrett, president of the FIDO Alliance and former head of data security at PayPal Inc., said in a statement. “FIDO Alliance pioneers can forever lay claim to ushering in the ‘post password’ era, which is already revealing new dimensions in Internet services and digital commerce.\”

Version 1.0 of FIDO’s standard has two specifications: Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). UAF provides protocols that enable non-password authentication, using biometrics or other technology. U2F adds a second layer of authentication to existing password infrastructure. Device manufacturers, including computer and smart-phone makers, along with online service providers can use the open, interoperable specifications to develop authentication systems that use biometrics, hardware tokens, or other authenticators and that work with a variety of hardware and software applications.

n

FIDO’s specifications rely on a base layer of authentication software from Palo Alto, Calif.-based Nok Nok Labs Inc., according to Al Pascual, director of the fraud and security practice at Pleasanton, Calif.-based Javelin Strategy and Research. Using that layer, online- and mobile-commerce providers as well as other companies can build authentication systems into their services that don’t rely on the old password-based systems. Weak or stolen login credentials play a role in 76% of data breaches, according to FIDO Alliance, citing data from Verizon Communications Corp. studies.

n

“The beauty of FIDO is it makes things far easier than they had been in integrating authentication,” says Pascual. For example, using the FIDO specs, a bank wanting to add voice authentication to its mobile-payment service doesn’t have to go with purely proprietary technology. “You can test a variety of solutions,” says Pascual. “It gives you a lot of flexibility.”

Ramesh Kesanupalli, founder and chief alliances officer at Nok Nok Labs and a co-founder of the FIDO Alliance, says the specifications promote development of authentication technology that works even with products from companies that haven’t joined FIDO Alliance, such as Apple Inc., which launched its Apple Pay service for its new iPhone 6 in October. “The beauty of the FIDO spec is it will work with Apple and non-Apple devices,” Kesanupalli says.

The first draft of the specifications came out last February, and products that use it already are in the market. For example, the Samsung Galaxy S5 smart phone has a fingerprint sensor that gives the user access to PayPal, one of the FIDO Alliance’s six co-founders.

The Alliance will have a webinar to explain the UAF standard. FIDO Alliance’s next project is to complete extension of the core 1.0 specifications to include near-field communication and Bluetooth technologies, both of which are playing key roles in mobile commerce.

In related news, Nok Nok said it had raised $8.25 million in Series C funding and also announced a new version of its S3 Authentication Suite that supports the final UAF standard.

Check Also

Eye on E-Commerce: DoorDash Launches In-App Gift Card Shopping; Noodles’ First E-Commerce Store

Delivery-services provider DoorDash is bringing in-app gift card shopping to its app. Launching Friday, the …

Digital Transactions