Security group plans for a future without passwords

The FIDO Alliance encourages stronger use of biometrics and hardware tokens instead of passwords to identify users

(IDG News Service) on

Having to remember multiple passwords may soon be a thing of the past.

Setting the stage for a password-free future, an industry consortium has issued a set of instructions that specify a number of alternate ways that computers and devices can confirm a user's identity. The FIDO (Fast IDentity Online) Alliance, which issued the specifications on Tuesday, is backed by a number of large companies in the IT and banking industries, including Microsoft, Google, PayPal, Bank of America, and MasterCard.

After two years of work, FIDO has issued the first fully completed drafts of two specifications - the Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). If widely deployed, these specifications could form the basis for securing online communications without using passwords, which are cumbersome and can pose security threats.

The two specifications describe procedures that systems can use to verify a person's identity. For instance, biometric sensors such as fingerprint readers could identify a user's identity. A portable hardware token, which can be carried about, could also be used to authenticate individuals.

Today, most users log on to secured online services using passwords, yet this approach remains problematic. More than 76 percent of online breaches exploit weak or stolen log-in credentials, according to a survey from Verizon. While other forms of authentication such as biometrics have long been available, there has been little industry consensus on how these security mechanisms should be implemented, leading to a fragmented and complex environment for online authentication management.

Members of the FIDO Alliance are now able to use these specifications to build security systems. Companies such as Google, PayPal, Samsung and Alibaba have already incorporated early drafts of the specifications into their products and services.

Now that it has finished the core specifications, the FIDO Alliance is working on a set of extensions that will incorporate additional forms of access security, such as establishing identities using Near Field Communications and Bluetooth wireless communications.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is [email protected]

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags BlackberryGooglebiometricsIdentity fraud / theft

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joab Jackson

IDG News Service
Show Comments
Security Watch
Best NBN Plans
Best Mobile Plans

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Back to topHome

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?