Latest FIDO Specifications Promise Fewer Passwords And More Secure Login Systems
The Fast Identity Online, or FIDO, Alliance announced on Tuesday that it finalized the technical rules that companies must follow to get new, secure login systems running. Websites and apps could replace passwords altogether or combine traditional logins with a second element such as a USB key, fingerprint scanning or eye or voice recognition. "Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die," said Michael Barrett, president of the FIDO Alliance. "FIDO Alliance pioneers can forever lay claim to ushering in the 'post password' era, which is already revealing new dimensions in Internet services and digital commerce."
According to Verizon’s Data Breach Investigations Report, weak or stolen login credentials were a factor in more than 76 percent of the breaches analyzed. Responding to the risk and loss perpetuated by prevailing password systems, FIDO specifications define an open, scalable, interoperable set of strong authentication mechanisms that reduce the reliance on single-factor username and password login.
The specifications outline a new standard for devices, servers and client software, including browsers, browser plugins, and native app subsystems. Any website or cloud application can interface with a broad variety of existing and future FIDO-enabled authenticators, ranging from biometrics to hardware tokens, to be used by consumers, enterprises, service providers, governments and organizations of all types.
Both of the new specifications, Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F), are unencumbered by FIDO member patents. Members are free to implement and market solutions around FIDO-enabled strong authentication, and non-members are free to deploy those solutions.
While the core 1.0 specifications are final, the FIDO Alliance is nearing completion of extensions that will incorporate Near Field Communications (NFC) and Bluetooth into the range of FIDO capabilities.
The FIDO (Fast IDentity Online) Alliance includes Microsoft, Google, PayPal, Bank of America, MasterCard and Visa. Also included are device manufacturers such as Dell, Samsung and BlackBerry, and even enterprises offering various services such as Aetna and Netflix.