FIDO 1.0 Specifications Are Published and Final – Preparing for Broad Industry Adoption of Strong Authentication in 2015
MOUNTAIN VIEW, CA — (Marketwired) — 12/09/14 — The FIDO (Fast IDentity Online) Alliance (https://www.fidoalliance.org/), an open industry consortium delivering standards for simpler, stronger authentication, today published final 1.0 drafts of its two specifications — Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). Members of the FIDO Alliance comprise device manufacturers, online service providers and enterprises, who can now implement and broadly commercialize FIDO 1.0 specifications to make authentication simpler and stronger for all.
“Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die,” said Michael Barrett, president of the FIDO Alliance. “FIDO Alliance pioneers can forever lay claim to ushering in the ‘post password’ era, which is already revealing new dimensions in Internet services and digital commerce.”
According to Verizon’s Data Breach Investigations Report, weak or stolen login credentials were a factor in more than 76 percent of the breaches analyzed. Along with Verizon, Ponemon Research and PwC report that the volume and severity of data breaches is continuing to rise, with centralized datasets of personal and sensitive information being the most targeted and the most vulnerable to scaled attacks. Responding to the risk and loss perpetuated by prevailing password systems, FIDO specifications define an open, scalable, interoperable set of strong authentication mechanisms that reduce the reliance on single-factor username and password login.
The specifications outline a new standard for devices, servers and client software, including browsers, browser plugins, and native app subsystems. Any website or cloud application can interface with a broad variety of existing and future FIDO-enabled authenticators, ranging from biometrics to hardware tokens, to be used by consumers, enterprises, service providers, governments and organizations of all types.
Keeping with the FIDO Alliance mission, both specifications are unencumbered by FIDO member patents. Members are free to implement and market solutions around FIDO-enabled strong authentication, and non-members are free to deploy those solutions. As previously announced, current implementations available in the market include those from Nok Nok Labs, Synaptics, Alibaba, PayPal, Samsung, Google, Yubico and Plug-Up.
While the core 1.0 specifications are final, the FIDO Alliance is nearing completion of extensions that will incorporate Near Field Communications (NFC) and Bluetooth into the range of FIDO capabilities. Continuing evolution of the specifications based on new requirements and/or deployment experience will help ensure ongoing alignment of FIDO standards with demands in the consumer devices, online services and enterprise markets.
“The fact that the FIDO Alliance was able to develop complete specifications so quickly and with such broad support is evidence that they are tackling a pervasive industry pain point,” said Steve Wilson, Vice President and Principal Consultant at Constellation Research. “No consortium in the identity management (IdM) industry has ever grown so fast, with such strong representation from the technology buy side. What’s most impressive is the FIDO Alliance’s focus on the authentication plumbing. The protocols enable trusted client devices to trade just the right data about their users. FIDO specifications aren’t tangled up in messy identity policy decisions. It’s an elegant breakthrough, and, going forward, it should drive a lot of the classic complexity out of the IdM space.”
“Our members’ determination, cooperation and tireless perseverance have delivered this landmark accomplishment in less than two years from announcing the FIDO Alliance and its goal to develop industry open standards for interoperable, privacy-respecting strong authentication,” said Brett McDowell, executive director of the FIDO Alliance. “I applaud and congratulate the members of the FIDO Alliance on these accomplishments, and look forward to our continued collective effort to bring FIDO-enabled experiences to the global marketplace in 2015 and beyond.”
About The FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The Alliance plans to change the nature of authentication by developing standards-based specifications for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.
The FIDO Alliance Board of Directors includes leading global organizations: Alibaba Holdings (NYSE: BABA); ARM Holdings plc (LSE: ARM) (NASDAQ: ARMH); Bank of America Corporation (NYSE: BAC); BlackBerry®; CrucialTec (KRX: 114120); Discover Financial Services (NYSE: DFS); Google; IdentityX; Lenovo; MasterCard (NYSE: MA); Microsoft (NASDAQ: MSFT); Nok Nok Labs, Inc.; NXP Semiconductors N.V. (NASDAQ: NXPI); Oberthur Technologies OT; PayPal (NASDAQ: EBAY); Qualcomm, Inc. (NASDAQ: QCOM); RSA®; Samsung Electronics, Ltd (KOSCOM: SECL); Synaptics (NASDAQ: SYNA); Visa Inc. (NYSE: V); Yubico.
Source: The FIDO Alliance