The Fast IDentity Online (FIDO) Alliance is making progress in its quest to move beyond password authentication. It has introduced the FIDO Certified testing program, which is designed to measure compliance and ensure interoperability among products and services that support FIDO 1.0 specifications.
The FIDO Alliance is devoted to boosting online security with open standards for simpler, stronger authentication that moves beyond passwords (with an eye to eliminating them altogether). Taken together, the FIDO specifications, which were finalized last December, define an open, scalable, interoperable set of strong authentication mechanisms that reduce the reliance on singlefactor username and password login. They take into account devices, servers and client software, including browsers, browser plugins and native app subsystems.
Google, Microsoft and Samsung are among the high-profile members. Samsung, for instance, said that the FIDO-based S3 Authentication Suite will be implemented into its Samsung Galaxy smartphone line, to enable mobile payments via an integrated fingerprint sensor/biometric. So, S5 users can authenticate to any FIDO-ready application with the existing security capabilities of their device.
“Certification of serious security components and sub-systems is absolutely essential as we have come to realize how much is at stake when authentication systems don’t perform as expected. With major data breaches escalating, so is demand for strong authentication,” said Steve Wilson, vice president and principal consultant at Constellation Research. “Moreover, demand for certified authentication solutions is also rising. A standards based authentication solution is only as good as its conformance to those standards. The FIDO Alliance has worked hard on its conformance program from the very beginning. The new FIDO Certified program is well thought through, and isn’t just another box-ticking exercise. It complements and reinforces the Alliance’s rigorous specifications development from incubation right through to standardization.”
Adopters of the FIDO protocols who pass certification testing may apply to use the FIDO Certified logo at their sites and associated with their qualifying product materials, packaging and advertising; the logo is meant to signal to consumers, customers and partners that a product is part of a range of FIDO-based strong authentication solutions that are broadly interoperable.
It also said that 31 implementers have already passed FIDO certification as being compatible with the specs, which are made up of the Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).
“FIDO certification satisfies a need to ensure that implementations of the FIDO specification are uniform across products and that those products are interoperable,” said Brett McDowell, executive director of the FIDO Alliance, in a statement. “The FIDO Certified program offers the type of oversight that vertical industries need to hasten the adoption of strong authentication products that stretch across enterprise boundaries and the range of mobile and other devices key in today’s computing environment.”