Cyber Security Featured Article

FIDO Alliance Progress is Beginning of the End for Passwords

June 21, 2016

The technical capability of hackers is getting more sophisticated as witnessed by their continuing success in finding and exploiting the vulnerabilities of the most secured systems in the world. Whether it is banks that spend tens of millions on digital security, or government agencies that are supposed to have the best solutions in place, no one is immune. The FIDO Alliance wants to add another layer of protection in the way we access our digital platforms by doing away with passwords and providing better authentication solutions.

Passwords are effective if they are strong and no one has access to them, but not everyone creates a strong password and hackers have become experts in taking advantage of this lapse in judgment. According to the Verizon 2016 Data Breach Investigations Report, 63 percent of all data breaches involve the use of stolen, weak, or default passwords.

The FIDO Alliance, along with technology solutions and service providers, are developing new standards for solving the problems with passwords that are gaining traction in the market. Anyone with a digital presence understands the risks and consequences of a breach, so solutions that all together eliminate or reduce password dependency are receiving a warm reception.

With FIDO, the user only has to provide biometric information to be securely authenticated to an online service that supports the specification. This can be an iris scan, facial recognition, a fingerprint or speech-based, which are not stored on servers and never leave the user's device.

"When we started tackling the password problem, we knew that our solution first and foremost would have to be based on proven security to stop the ongoing onslaught of data breaches," said Brett McDowell, executive director of the FIDO Alliance. "Second, users will have to actually want to use it. And third, it would have to be an open industry standard so it could become ubiquitously adopted by the whole internet ecosystem."

The FIDO specifications were released a year ago, and more than 200 products from leading brands in technology have been certified. Some of these companies are eBay, Google, Lenovo, LG, Qualcomm, Samsung, Sony and many others. The latest company that will be deploying FIDO certified products is Microsoft for its Windows 10 operating system.

As the number of FIDO Certified products continues to increase, the Alliance has just announced the support of yet another technology, Bluetooth for wireless strong authentication, which will protect wireless connectivity.

The FIDO Alliance was formed in 2012 to bring together everyone in the tech world and address the problems with passwords by providing a solution that can be easily adopted by users and service providers alike.

As our reliance on digital technology permeates every aspect of our lives, new authentication measures have to be implemented to ensure the identities of users are well protected. FIDO Certified products have made that possible.  Passwords are likely to be around for a long time, but obviating the need for them while providing strong authentication is the path forward and it is encouraging to see the progress the FIDO Alliance continues to achieve. 

Indeed, FIDO is something that members of the Cyber Security Trend Community not only need to be aware of, and hopefully become training on, but also should think about where in their organization FIDO fits. 




Edited by Peter Bernstein

Article comments powered by Disqus
Free Subscription