December 13, 2013
Microsoft Looks Beyond Passwords With FIDO Alliance
Enid Burns for redOrbit.com - Your Universe Online
Microsoft is joining efforts with the FIDO Alliance (Fast IDentity Online), an industry consortium of parties looking to advance online authentication beyond passwords. Microsoft has joined as a member of the Board of Directors. The Redmond-based software maker will also work with the FIDO Alliance to produce open standards ensuring interoperability with strong authentication methods and technologies.
Google and BlackBerry already have representation on the FIDO Alliance board, as well as other industry companies. Just this week Lenovo and Nok Nok Labs also joined the FIDO Alliance. SafeNet and ValidSoft joined the consortium early in December.
"Microsoft has a track record of unwavering commitment to security and significant contributions to open standards organizations. Joining the FIDO Alliance Board of Directors is a logical step for us as a way to serve our customers and the community,” said David Treadwell, Corporate Vice President, Microsoft, in a corporate statement. "As a contributor to the FIDO Alliance working groups on next generation authentication, we look forward to furthering our innovation and thought leadership in the identity space."
Microsoft's entry to the FIDO Alliance should increase recognition for the group and provide increased collaboration among member companies.
"Microsoft joining FIDO Alliance's Board is a key milestone to reaching the post UN/PW Authentication era of strong Authentication," said Sami Nassar vice president and general manager Authentication, NXP Semiconductors, in a corporate statement. "With the support from industry leaders across the value chain, from semiconductors to relying parties, FIDO adds cloud security without compromising privacy and simplicity for consumers and enterprise users."
FIDO Alliance, which launched in July 2012, hopes to create specifications for security devices and browser plugins that will supplant passwords.
"Authentication hardware and software widely varies, with many proprietary clients and protocols. FIDO hopes that standardizing authentication technologies will lead to better interoperability and innovations in biometrics, PINs (personal identification numbers) and secondary authentication technologies, according to its website." PC World's Jeremy Kirk wrote.
The password has long been an industry standard. And for almost as long, it has been criticized for its ability to be defeated. "Usernames and passwords underpin most online services but are easy to intercept. Computer security experts have long warned of password weaknesses, such as easy-to-guess ones and people who reuse them across multiple services," Kirk wrote.
One aim for FIDO is the creation of a software client on computers that uses public key cryptography to authenticate users, PC World reports. The initial focus will be to secure access through web browsers to web applications. However the authentication practices can extend to computers, terminals and smartphones over time.
Authentication methods proposed by FIDO Alliance include biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE) and Near Field Communication (NFC). Open specifications are currently being discussed to determine the most reliable methods.