FIDO Alliance Releases Final Specifications

Passwords and authentication are an evergreen source of opportunity for cyber-criminals, prompting an ongoing conversation about how identity can be better managed. Looking to solve some of these issues, the Fast IDentity Online (FIDO) Alliance has published its final 1.0 drafts of two specifications: the Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).

Taken together, the FIDO specifications define an open, scalable, interoperable set of strong authentication mechanisms that reduce the reliance on single-factor username and password login. They take into account devices, servers and client software, including browsers, browser plugins and native app subsystems.

“What’s most impressive is the FIDO Alliance’s focus on the authentication plumbing,” said Steve Wilson, vice president and principal consultant at Constellation Research, in a statement. “The protocols enable trusted client devices to trade just the right data about their users. FIDO specifications aren’t tangled up in messy identity policy decisions. It’s an elegant breakthrough, and, going forward, it should drive a lot of the classic complexity out of the IdM space.”

Members of the FIDO Alliance, including device manufacturers like Samsung, online service providers like Alibaba and Google, and enterprises, can now implement the specs and begin to commercialize the approach. Also, any website or cloud application can interface with a broad variety of existing and future FIDO-enabled authenticators, ranging from biometrics to hardware tokens, to be used by consumers, enterprises, service providers, governments and organizations of all types.

“Today, we celebrate an achievement that will define the point at which the old-world order of passwords and PINs started to wither and die,” said Michael Barrett, president of the FIDO Alliance, in a statement. “FIDO Alliance pioneers can forever lay claim to ushering in the ‘post-password’ era, which is already revealing new dimensions in internet services and digital commerce.”

While the core 1.0 specifications are final, the FIDO Alliance said that it’s also nearing completion of extensions that will incorporate Near Field Communications (NFC) and Bluetooth into the range of FIDO capabilities. Continuing evolution of the specifications based on new requirements and/or deployment experience will help ensure ongoing alignment of FIDO standards with demands in the consumer devices, online services and enterprise markets.
