Menu
Security group plans for a future without passwords

Security group plans for a future without passwords

The FIDO Alliance encourages stronger use of biometrics and hardware tokens instead of passwords to identify users

Having to remember multiple passwords may soon be a thing of the past.

Setting the stage for a password-free future, an industry consortium has issued a set of instructions that specify a number of alternate ways that computers and devices can confirm a user's identity. The FIDO (Fast IDentity Online) Alliance, which issued the specifications on Tuesday, is backed by a number of large companies in the IT and banking industries, including Microsoft, Google, PayPal, Bank of America, and MasterCard.

After two years of work, FIDO has issued the first fully completed drafts of two specifications - the Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). If widely deployed, these specifications could form the basis for securing online communications without using passwords, which are cumbersome and can pose security threats.

The two specifications describe procedures that systems can use to verify a person's identity. For instance, biometric sensors such as fingerprint readers could identify a user's identity. A portable hardware token, which can be carried about, could also be used to authenticate individuals.

Today, most users log on to secured online services using passwords, yet this approach remains problematic. More than 76 percent of online breaches exploit weak or stolen log-in credentials, according to a survey from Verizon. While other forms of authentication such as biometrics have long been available, there has been little industry consensus on how these security mechanisms should be implemented, leading to a fragmented and complex environment for online authentication management.

Members of the FIDO Alliance are now able to use these specifications to build security systems. Companies such as Google, PayPal, Samsung and Alibaba have already incorporated early drafts of the specifications into their products and services.

Now that it has finished the core specifications, the FIDO Alliance is working on a set of extensions that will incorporate additional forms of access security, such as establishing identities using Near Field Communications and Bluetooth wireless communications.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags BlackberryGooglesecuritybiometricsIdentity fraud / theft

Featured

Slideshows

HP channel recognised at 2017 Partner Awards

HP channel recognised at 2017 Partner Awards

The HP Partner Awards 2017 at Shed 10 kicked off with an AMD-sponsored hackers lounge, a mysterious gaming style area filled with dry ice and red lasers, the waiters wearing Mr Robot style masks.

HP channel recognised at 2017 Partner Awards
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments