Passwords, time and again, have proved to be rather inadequate in keeping hackers at bay will millions of users affected by security breaches every year.
Alternative authentication systems are being actively looked into and one of the consortia working in this direction is the FIDO Alliance. Over the years more and more companies have joined hands with the alliance and in the latest update about the number of products certified by FIDO, it has been revealed that more than 200 products now carry the ‘FIDO Certified’ mark.
FIDO Alliance revealed in a press release that this increase is an 100 per cent increase over the start of 2016 and this means that service providers around the world who are looking for FIDO Certified products now have a much larger inventory to chose from.
The FIDO Alliance is the cross-industry consortia that provides a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables web service providers to deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
One of the major drivers of movement towards search of alternative means of authentication is the rather incomplete security that password based authentication systems provide. Increasing number of security breaches occur due to use of simple passwords that are being used across a number of applications.
Acknowledging the need to move away from password based authentication systems, service providers including Google, PayPal, Samsung, Bank of America, NTT DOCOMO, Dropbox, GitHub and GOV.UK Verify have made FIDO authentication available to protect hundreds of millions of end-users’ desktop and mobile apps, while RSA and eBay are among the many companies that have launched FIDO Certified solutions to facilitate enterprise and commercial deployments.
Microsoft also will be integrating FIDO into Windows 10 for passwordless authentication, while the FIDO Alliance is working with the World Wide Web Consortium (W3C) to standardize FIDO strong authentication across all web browsers and related web platform infrastructure.
FIDO Strong Authentication is Simpler than Other Options
FIDO authentication is much simpler than remembering all kinds of passwords or other forms of strong authentication. The user simply needs to look at something (iris scan, facial recognition), touch something (fingerprint sensor, security key, wearable), say something (voice recognition) to be securely authenticated to any online service that supports FIDO. For security, FIDO uses public key cryptography and is strongly resistant to phishing, while user credentials and biometric templates are never stored on servers and never leave the user’s device.
“When we started tackling the password problem, we knew that our solution first and foremost would have to be based on proven security to stop the ongoing onslaught of data breaches,” said Brett McDowell, executive director of the FIDO Alliance. “Second, users will have to actually want to use it. And third, it would have to be an open industry standard so it could become ubiquitously adopted by the whole internet ecosystem. This is what we have designed with FIDO, and as the adoption momentum demonstrates, we are well on the path towards that ubiquity.”