WHAT IS THE FIDO ALLIANCE?
FIDO stands for Fast IDentity Online. The FIDO Alliance will change the nature of online authentication by reducing the reliance on passwords to authenticate users. Fido was launched in February 2013 to acknowledge the lack of ability amongst strong authentication devices and problems that users are faced with trying to remember multiple passwords and usernames. The internet, especially now with recent cloud and rapid mobile expansions, exposes all users as well as both small and large enterprises to fraud.
It is critical to always know who you are dealing with when you are on the internet. The FIDO Alliance is a private sector and industry driven collaboration that is aimed to combat the very challenge of confirming your identity online. FIDO gives users the choice of way to authenticate and takes an open-based approach to standards and makes universal online authentication a reality. FIDO’s main objective is to make every vendor, organisation and company that needs to verify their user identity join in by making online authentication safer and easier for users everywhere.
WHAT ARE THE OBJECTIVES OF FIDO?
The FIDO Alliance takes privacy and security very seriously. FIDO’s aim is to support a vast range of authentication technologies. These will include iris scanners, voice and facial recognition, fingerprint scanners as well as existing solutions and communications standards. These include devices such as smart cards, USB security tokens, trusted platform modules, near field communication. When using the USB security token device you will simply be required to authenticate by using a simple security password or by simply pressing a button.
WHAT ARE THE GOALS OF FIDO?
The goal of the FIDO Alliance is to change the nature of authentication security on the web by developing a strategy, supporting programs and processes for the certification of products that are developed to the FIDO technical specifications. These defined processes will ensure compatibility of the testing of protocols and implications to the FIDO brand. FIDO aims to define technical specifications that will define an open, interoperable set of mechanisms that reduce the reliance on multiple passwords and usernames to authenticate users.
WHAT ARE THE SPECIFICATIONS OF FIDO?
FIDO provides two categories of user experiences – which one the user experiences will depend on if the user interacts with the Universal Second Factor protocol or the Universal Authentication Framework Protocol.
There are two sets of specifications that the FIDO Alliance has:-
PASSWORD UX (UAF)
• The user will present a local biometric or PIN
• The website can choose whether to retain password
• The user will carry client device with UAF stack installed
The password is supported by the Universal Authentication Framework (UAF) protocol. The user will register their device to the online service by either speaking into a mic, entering a pin, looking into a camera or swiping a finger etc. The UAF protocol allows the service to select the mechanisms that are presented to the user. Once registered the user simply needs to repeat the local authentication action whenever they need to authenticate from that device.
Second Factor UX (U2F)
• The user will present the U2F device
• The website can simplify the password with a 4 digit pin
• The user will carry the U2F device with a built-in support for web browsers
The second factor FIDO experience is supported by the Universal Second Factor (U2F) protocol. The user logs in with a username and password as before. The strong second factor is that it allows the service to simplify its password without compromising security. During registration and authentication, the user will present the second factor by simply pressing a button on a USB device or tapping over NFC.
WHO ARE THE MAJOR PLAYERS INVOLVED WITH FIDO?
The FIDO Alliance was formed in 2012. PayPal, Nok Nok Labs, Lenovo, Infineon, Validity Sensors and Agnitio were the founding companies. The first President and Vice President being Barrett and Kesanupalli. The Alliance received approval from the IRS for 501(coffee) status shortly after its incorporation. The Alliance was then publicly launched in February of 2013 and its member base has grown at a rapid pace from the six companies that had started it.
FIDO has started to achieve escape velocity since Google joined and contributed their technology to their effort. By the end of May 2014, FIDO members included, among others, CrucialTec, Google, MasterCard, Microsoft, Fingerprint Cards, SurePassld, Discover Financial Services, Discretix, NXP Semiconductors, Oberthur Technologies, Egistec Visa, Yubico, Agnitio, EyeLock, IDEX ASA, SecureKey, and Infineon Technologies.