Welcome!

News Feed Item

FIDO Alliance Opens Technology for First Public Review to an Industry Desperate for Simpler, Stronger Authentication

The FIDO Alliance Marks 1st Anniversary by Publishing Review Draft Specifications as Membership Nears 100

MOUNTAIN VIEW, CA -- (Marketwired) -- 02/11/14 -- The FIDO (Fast IDentity Online) Alliance (http://www.fidoalliance.org/), an open industry consortium delivering standards for simpler, stronger authentication, achieved a historic milestone today by releasing its first public review draft technology specifications. These open technologies have been collaboratively developed by a rapidly increasing number of the most innovative companies in the world to enable simpler, stronger authentication to scale in the market.

The Q1 2013 Forrester Wave™: Enterprise Fraud Management asserts the online services industry is seeing upwards of $200B in annual losses from password breaches and related hacks that exploit the vulnerabilities inherent in single-factor password systems. According to the Verizon 2013 Network Investigations Data Breach Report, 76 percent of network intrusions exploit weak or stolen credentials. According to Gartner, 20 to 50 percent of all help desk calls are for password resets. Forrester Research estimates help desk labor cost at $70 per password reset*. In Mobile Consumer Insights, Jumio reports that 68 percent of smartphone and tablet owners have attempted to make purchases on their device. Due to problems during the payment process, 66 percent of that group abandon transactions, and 47 percent of these said they abandoned transactions that took too long. Upon its first-year anniversary, the FIDO Alliance demonstrates momentum that attests to pent-up demand for simpler, stronger authentication that must scale, as only open industry standards can deliver.

"It is with pride that the FIDO Alliance releases the review draft specifications to the public today, before our first anniversary of starting the long overdue revolution in authentication. Congratulations to our members for their insights, expertise, and tireless dedication to delivering better authentication that is more secure, private and easier-to-use than prevailing password schemas," said FIDO Alliance president, Michael Barrett. "With today's public release of the review draft specifications, we especially welcome and anticipate new types of members coming from various enterprises. Furthermore, we encourage Relying Parties to begin testing their unique FIDO authentication needs with the commercial solutions already available from many FIDO member companies."

The FIDO Alliance also announces that its membership is approaching 100 strong, with Aetna, ARM, Dell, Discretix, IdentityX, Netflix, Next Biometrics, Oesterreichische Staatsdruckerei GmbH, Salesforce, SafeNet, Sonavation, STMicroelectronics, and Wave Systems being among the most recent companies to join as Sponsor members of the Alliance. Launched in February 2013 with six founding members, the alliance has grown rapidly with representation from every continent and every industry.

"When I first started discussing the need for a strong authentication protocol with Michael Barrett, Taher Elgamal and others many years ago, we knew we had something big on our hands," said Ramesh Kesanupalli, founder of Nok Nok Labs and FIDO visionary, "and the progress we've seen in a single year in attracting membership and delivering draft specifications signifies the need for a drastic change in the marketplace and a collective determination to accomplish it. As a founding member, Nok Nok Labs is proud to be delivering FIDO Ready solutions based on these new specifications."

FIDO standards address industry and consumer pain points by ensuring that users and online service providers have a variety of choices to select from when adopting simpler, stronger authentication alternatives to today's prevailing reliance on single-factor passwords.

"It is incumbent upon Enterprise IT to begin moving away from the world of basic username/password authentication, and we are excited to join the FIDO Alliance in shaping the future of strong authentication," said Mike D. Kail, VP of IT Operations, Netflix. "We look forward to collaborating with various sectors and industry experts and contributing experience and guidance on best security and authentication practices for Enterprise IT."

The FIDO specifications emphasize a device-centric model that reflects the Alliance's thoughtful dedication to usability, privacy and security. FIDO specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as further enable existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC). The open specifications are being designed to be extensible and to accommodate future innovation, as well as protect existing investments. FIDO specifications allow device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. The FIDO specifications complement and add value to identity federation. The improved user authentication enabled by FIDO specifications can be federated using existing industry standards such as OpenID and SAML. Committed to core privacy principles, the FIDO Alliance today published a reference whitepaper. The FIDO Alliance will continue to develop and mature the specifications with additional features and refinements based on interoperability testing and real-world deployment experience.

"Increased awareness of identity protection and the associated complexities of securely authenticating users across diverse devices and environments underscore the need for a universal authentication framework," commented Andrew Young, VP Product Management, Authentication at SafeNet. "To this end, one of the clear advantages of the FIDO approach is that it offers users a consistent experience across multiple services and user devices, a range of multi-factor schemes, and maintains privacy by using distinct authentication keys for different services. The FIDO Alliance, by helping to standardize multi-factor practices, will contribute to the formation of a broader identity framework based on greater trust and better security in both consumer and enterprise environments."

"As a leading provider of trusted identity and authentication networks and sponsor member of FIDO Alliance, SecureKey enthusiastically supports the principles of interoperable, simple and strong authentication for consumer-scale deployments, said Stu Vaeth, VP of Products, SecureKey. We look forward to delivering FIDO Ready solutions based on this specification to our customers and partners, leveraging our briidge.net™ Connect cloud-based authentication service."

"At PayPal the security of our customer's personal and financial information is our top priority, which is why we co-founded the FIDO Alliance," said Brett McDowell, FIDO Alliance vice president, and eBay Inc. Head of Ecosystem Security. "The open standards and best practices we develop in collaboration with other members of the Alliance provide our industry with an interoperable, scalable framework for delivering simpler, stronger authentication to our customers."

FIDO specifications allow device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. The FIDO Alliance will continue to develop and mature the specifications with additional features and refinements based on interoperability testing and real world deployment experience.

"IDC Financial Insights believes that most successful financial institutions in 2014 will be those that can deliver an engaging, omnichannel experience for their customers and prospects. Simple, convenient, and strong authentication is the foundation to convenience, and contributes to a channel-less experience for the end-user. The finalization and adoption of the FIDO Alliance draft specifications, shared today, can play an important role in delivering convenience," said Michael Versace, Global Research Director at IDC Financial Insights.

FIDO Alliance members are already developing FIDO Ready™ products and services based on early draft FIDO specifications. In October 2013, The FIDO Alliance began a certification program with FIDO Ready™ branding for implementations passing conformance and interoperability testing to early draft specifications. The 2014 Consumer Electronics Show (CES) revealed the first demonstrations of FIDO Ready products. Members are shaping the marketplace with FIDO specifications already in play in products like FingerQ with FIDO Ready™ components from Synaptics and FIDO Ready products from AGNITiO, Go-Trust, Nok Nok Labs, and Yubico.

FIDO members are featuring FIDO Ready products at this month's Mobile World Congress 2014 (MWC 2014), RSA Security Conference and FIDO Public Forum Event in Palo Alto California. Online Service providers who want to assess FIDO technologies are encouraged to look for the FIDO Ready(tm) certification on vendor implementations. The FIDO Certification program will continue to advance in scope and depth as the specifications mature, while adhering to a core principal of backward compatibility of FIDO infrastructure to ensure ongoing interoperability with all FIDO certified authenticators in the market.

Rob Coombs, Director of Security Marketing, ARM said: "Last year, our partners shipped over ten billion ARM-based microprocessors, the vast majority in internet-enabled devices. With the growing need to connect people and products securely to cloud services it is clear that we need to move beyond passwords for authentication. The FIDO alliance provides an excellent forum for industry to work together to provide a scalable verification architecture that can make the lives of consumers more convenient and help cloud-based services manage risk."

"Discretix' Passwordless and Second Factor User Authentication solutions are hardware-assisted and utilize the device's Trusted Execution Environment. These solutions leverage our expertise in deploying field-proven, mass-market solutions for mobile, particularly on Android devices," said Roni Sasson, Director Product Marketing at Discretix. "Simple and strong authentication is a key enabler for premium mobile services, and Discretix fully endorses the FIDO Alliance's specification and certification initiatives, and we are pleased to be an active contributor."

"As a long-time leader in semiconductors for trust and data security, STMicroelectronics recognizes the value and fully endorses the FIDO Alliance's efforts to develop an open and standardized solution for strong authentication," said Laurent Degauque, Embedded Security Marketing Director. "ST is committed to bringing its security expertise, products and solutions to bear to help the deployment of FIDO-enabled devices."

"FIDO specifications establish an authentication perimeter, so only content by consent can be accessed. As more 'things' proliferate in the Internet of Things (IoT), an authentication perimeter becomes very important to managing our world. Beyond addressing the need for password and PIN alternatives, FIDO authentication flips the model and increases both security and convenience, while ensuring privacy by placing local authentication controls entirely in the hands of the true owner. This control is essential to managing increasingly connected devices as they demand access to our data and personal content," said Tim Bajarin, president, Creative Strategies. "Generating a local signature understood by a remote service that protects both consumer and service provider from unauthorized access to owners and their data is unique. FIDO specifications flip the authentication model from user subjugation to user control with this truly revolutionary capability."

The FIDO Alliance invites all interested organizations to join and contribute their use cases and expertise to these open industry standards that will enable the next generation of authentication to online and cloud services.

About The FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was launched in February 2013 to address the lack of interoperability amongstrong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The Alliance plans to change the nature of authentication by developing standards-based specifications for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.

The FIDO Alliance Board of Directors includes leading global organizations: Blackberry®; CrucialTec (KRX: 114120); Discover Financial Services (NYSE: DFS); Google; Lenovo; MasterCard (NYSE: MA); Microsoft (NASDAQ: MSFT); Nok Nok Labs, Inc.; NXP Semiconductors N.V. (NASDAQ: NXPI); Oberthur Technologies OT; PayPal (NASDAQ: EBAY); RSA®; Synaptics (NASDAQ: SYNA); Yubico

*Note: These are widely published, referenced statements. Citations: http://static.helpsystems.com/safestone/pdfs/WP_PasswordSelfHelp.pdf and http://www.mandylionlabs.com/PRCCalc/PRCCalc.htm

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Suzanne Matick
for FIDO Alliance
831-479-1888
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
Digital innovation is the next big wave of business transformation based on digital technologies of which IoT and Big Data are key components, For example: Business boundary innovation is a challenge to excavate third-party business value using IoT and BigData, like Nest Business structure innovation may propose re-building business structure from scratch, as Uber does in the taxicab industry The social model innovation is also a big challenge to the new social architecture with the design fr...
Data is an unusual currency; it is not restricted by the same transactional limitations as money or people. In fact, the more that you leverage your data across multiple business use cases, the more valuable it becomes to the organization. And the same can be said about the organization’s analytics. In his session at 19th Cloud Expo, Bill Schmarzo, CTO for the Big Data Practice at EMC, will introduce a methodology for capturing, enriching and sharing data (and analytics) across the organizati...
24Notion is full-service global creative digital marketing, technology and lifestyle agency that combines strategic ideas with customized tactical execution. With a broad understand of the art of traditional marketing, new media, communications and social influence, 24Notion uniquely understands how to connect your brand strategy with the right consumer. 24Notion ranked #12 on Corporate Social Responsibility - Book of List.
Whether they’re located in a public, private, or hybrid cloud environment, cloud technologies are constantly evolving. While the innovation is exciting, the end mission of delivering business value and rapidly producing incremental product features is paramount. In his session at @DevOpsSummit at 19th Cloud Expo, Kiran Chitturi, CTO Architect at Sungard AS, will discuss DevOps culture, its evolution of frameworks and technologies, and how it is achieving maturity. He will also cover various st...
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
SYS-CON Events announced today that Sheng Liang to Keynote at SYS-CON's 19th Cloud Expo, which will take place on November 1-3, 2016 at the Santa Clara Convention Center in Santa Clara, California.
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, will discuss how VPaaS enables you to move fast, creating scalable video experiences that reach your ...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
One of biggest questions about Big Data is “How do we harness all that information for business use quickly and effectively?” Geographic Information Systems (GIS) or spatial technology is about more than making maps, but adding critical context and meaning to data of all types, coming from all different channels – even sensors. In his session at @ThingsExpo, William (Bill) Meehan, director of utility solutions for Esri, will take a closer look at the current state of spatial technology and ar...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
In his General Session at DevOps Summit, Asaf Yigal, Co-Founder & VP of Product at Logz.io, will explore the value of Kibana 4 for log analysis and will give a real live, hands-on tutorial on how to set up Kibana 4 and get the most out of Apache log files. He will examine three use cases: IT operations, business intelligence, and security and compliance. This is a hands-on session that will require participants to bring their own laptops, and we will provide the rest.
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lea...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...