Aren’t passwords a pain in the neck? You’re advised by your bank to keep a different password than your cable
company and your telecom system, everyone tells you to keep a different password from everyone else, password manager is just another word for “big electronic basket of eggs,” and you’re never going to remember “3ta01n$hRd&1u”, much less where you wrote it down.
And speaking of writing things down — heaven help you if you do that. It’ll never survive the Great Coffee Spill of 2015 anyway. Mine didn’t, two years ago. There’s got to be a better way.
Lo and behold, along comes the FIDO Alliance to the rescue.
The FIDO Alliance, you say? Who are they, anyway?
FIDO is not a dog in this case, but rather a 501(C) 6 non-profit group formed in the summer of 2012 to examine the issues users have with creating and subsequently remembering multiple usernames and their associated strong passwords. FIDO, or Fast IDentity Online, was formed also to take a look at the inherent lack of interoperability between strong authentication devices. They are backed by many of the most recognizable names in technology today, such as Google, PayPal, and Microsoft, among others.
The FIDO Alliance would like to alter the nature of authentication itself. They plan on doing this by creating specifications that will define a scalable, interoperable, and open set of procedures that will replace users’ age-old reliance on passwords to securely authenticate themselves as proper users of online services. This proposed standard for browser plugins and security devices will enable any given cloud application or website to interact with a wide variety of already existing and future FIDO-enabled devices which the user will have in their possession for online security.
How FIDO Works
The new and alternative approach to user authentication will require software to be downloaded onto the user’s device. This software will then be able to identify the user by authenticating the device itself, then subsequently returning the FIDO protocol to a server belonging to a third party, such as Google Wallet. Another well-known third party proxy would be PayPal.
The general idea is that once you enter the FIDO site, they’ll be able to query the device you’re using. It will be expected to be using a client for FIDO that will respond, telling the site that the device is being used by a registered person. And you won’t need an unwieldy password to prove it.
Biometrics are one way that FIDO will work — fingerprint readers, facial recognition, and so on. You can even use the front-facing camera on your smartphone to perform as a retinal scanner that’s good enough to meet FIDO’s standards.
Regardless of what tools are used — biometrics, speech recognition, dongles, handwriting analysis — FIDO seeks to remove the scourge of passwords, PINs, and usernames from the face of the world as soon as possible.
FIDO Gaining Ground
FIDO is not simply an upstart effort. They are putting real effort into the movement, having recently released version 1.0 of their official specifications. This is a move that many vendors hope will be a defining moment that helps spark a more widespread adoption of multi-factor authentication.
Granted, this has been done before by other companies, but not to this level, and not this deeply. FIDO seems poised for success, if only because they have done things differently from the beginning. They have aimed to create integration between websites, payment processors, authentication products and smartphones. Perhaps more importantly in this new app-centric world, they’ve aimed to make non-traditional authentication — and by that I mean different, non-username-and-password — easy for the people who will ultimately be using it.
FIDO hopes that the release of their specifications will help drive interest in their product, especially in cases of the many high-profile enterprise data break-ins that have been tied to breaches of authentication — where usernames and passwords were stolen.
About the Author
Michelle Patterson is excited with the new technologies that are threatening to change the way we stay in touch and communicate, particular in business. She works with companies that are introducing these technologies to make understanding them easy for regular people.
