fidoalliance
Latest
The web just got an official password-free login standard
Web Authentication (aka WebAuthn) has been a de facto standard for no-password web sign-ins for a while given that many tech giants are already using it, but now it's official. The World Wide Web Consortium and the FIDO Alliance have finalized the Web Authentication format, making it the go-to option for logging into accounts with potentially greater security and convenience than typing in your credentials. If a site supports it, you can get in using biometrics (such as fingerprints or facial recognition), USB security keys, or nearby mobile devices like phones and smartwatches.
Android will support more password-free sign-ins
It just became that much easier to ditch passwords on your phone. Android is officially FIDO2 certified, making it possible to sign into supporting apps and websites (such as pages that rely on the WebAuthn standard) using a fingerprint or a physical security key. You might not have to punch in a passcode every time you want to check your bank statement, for instance.
Biometric security now has an industry-wide testing standard
Biometric security is par for the course on smartphones and increasingly common on PCs, but there hasn't been a standard way to verify that the technology passes muster. That's where the FIDO Alliance might help. It's launching a first-of-its-kind Biometric Component Certification Program that will use independent labs to test the performance and security of fingerprint readers, face recognition and other sign-in devices across the industry. If a vendor wants to show that its face unlock feature can't be fooled by a photo, it won't have to jump through hoops to prove it.
Google Chrome now supports more password-free sign-ins
Google is acting on its promise to banish more passwords. It just released Chrome 67 for the desktop, bringing the Web Authentication standard to what's arguably the most popular browser. As with Firefox, the technology allows password-free sign-ins (such as USB keys) through virtually any website rather than having to access specific services. And don't worry if you're still comfortable typing things in -- there are a few other useful additions.
Web standard brings password-free sign-ins to virtually any site
Tech companies have been trying to do away with web passwords for years, but now it looks like they've reached a key milestone. The FIDO Alliance and W3C have launched a Web Authentication standard that makes it easier to offer truly unique encryption credentials for each site. That, in turn, lets you access virtually any online service in a PC browser through password-free FIDO Authentication, not just specific services. You can continue to use familiar methods like fingerprint readers, cameras and USB keys, and it can serve both in place of and in addition to passwords.
Lenovo and Intel take the first step toward eliminating passwords
Passwords are one of the weakest links when it comes to our online security, and we may be one step closer to getting rid of them altogether. Today, Lenovo and Intel announced the first built-in authentication for PCs that adheres to FIDO (Fast Identity Online) Alliance standards. It's available in Lenovo's latest computers (including the Yoga 920, pictured above) and works with Intel Online Connect, which is included in seventh- and eighth-generation Intel Core processors.
Governments want to get rid of passwords, too
It's not just giant tech companies that want to put an end to passwords. Both the US' National Institute of Standards and Technology and the UK's Office of the Cabinet have become the first government bodies to join the FIDO Alliance, giving them a direct say in building more secure (and more universal) sign-in systems. Given how often governments depend on fingerprinting, smart cards and other physical identification methods, the move makes a lot of sense -- they want to encourage security measures that make it tougher for hackers to swipe sensitive data. It'll be a while before you see the influence of these new partners, but you may well be using government-grade ID to access your PC or phone in the future. [Image credit: Shutterstock/Pedro Miguel Sousa]
Tech industry completes its standards for banishing passwords
Hate typing passwords? You might not have to enter them for much longer. The FIDO Alliance (backed by Google, Microsoft, PayPal and Samsung, among others) has just published the completed versions of its password-free standards for both regular and two-factor authentication. Apps and websites using the technology can now rely on a number of easier and typically more secure ways to sign you in, such as fingerprint readers and USB dongles, without having to worry about the exact device you're using. There are already some hardware and software solutions that play nicely with FIDO, but the existence of firm specs should significantly boost your choices in 2015.
Microsoft joins the FIDO Alliance to put an end to passwords
The FIDO Alliance is on a roll: It already has support from heavyweights like Google and Lenovo in its quest to eliminate password-based sign-ins, and it's now bringing Microsoft into the fold. The software pioneer is taking a seat at the Alliance's board of directors, where it will help shape open authentication standards. Microsoft isn't revealing what it would like to do with FIDO at this early stage, but it's easy to see the company improving both its verification methods and Windows' support for biometric readers. There are still gaps in the Alliance's membership -- Apple and Samsung aren't involved, for instance. Still, Redmond's involvement makes it clearer than ever that the group will have a lot of say over our future digital security.
Android phones with FIDO-based fingerprint readers to arrive in early 2014
The FIDO Alliance hinted that mobile fingerprint readers would play a part in its passcode-free strategy, and it turns out that we'll see those readers quite soon. Group president Michael Barrett tells USA Today that Android smartphones with FIDO-based fingerprint readers should be available in about six months, or early 2014. While the Alliance isn't saying which companies are launching those devices, we'd expect FIDO members like Lenovo and LG to embrace the technology first. As for other platforms? Barrett believes that Apple's Touch ID could work with FIDO, but we wouldn't count on it when Apple is still hesitant to embrace third-party developers.
Paypal security chief wants more fingerprints, fewer passwords in future iPhones
Speaking at an Interop keynote last week, Paypal Chief Information Security Officer Michael Barrett hinted that PINs and passwords may be going away when it comes to account security on smartphones. According to a post on CIO's website, Barrett serves as the president of the Fast Identity Online (FIDO) Alliance, an industry group looking for ways to replace the 52-year-old password technology with stronger authentication methods. FIDO combines hardware, software and internet services to provide that higher level of authentication. That hardware can include a fingerprint scanner, a voice reader or something else. Barrett noted in his keynote that FIDO-enabled devices should begin appearing later this year, and he'd love to see Apple and other smartphone manufacturers leading the way to making FIDO mainstream: "It's widely rumored that a large technology provider in Cupertino, Calif., will come out with a phone later this year that has a fingerprint reader on it," he said. "There is going to be a fingerprint enabled phone on the market later this year. Not just one, multiple." Apple, of course, bought fingerprint security firm AuthenTec last year. Whether or not the company plans to incorporate AuthenTec's technology in a phone debuting this year is pure conjecture at this point, but comments by Barrett and other information security executives seem to indicate that FIDO technology will be part of standard smartphone gear sooner than we expect. [via MacRumors]
PayPal's chief information security officer says passwords' days are numbered
Recently speaking at the Interop IT conference, PayPal's chief information security officer, Michael Barrett, stated that passwords and PINs were operating on borrowed time. Barrett hopes to replace online security keys with a setup that's a blend of software and hardware-based identification. He also serves as president of the Fast Identity Online Alliance (FIDO) -- the organization's focus is to combine an effective mix of software (passwords and plugins) and hardware (USB drives and fingerprint scanners) for user authentication. PayPal's technology boss didn't allude to his company adopting these new types of security systems for its customers anytime soon. Instead he announced that FIDO-enabled devices will be hitting the market sometime this year. Progress, yes, but until this hardware becomes more widely available, it's likely that you'll be spending more time getting acquainted with two-step logins.
