Welcome!

News Feed Item

FIDO Alliance Opens Technology for First Public Review to an Industry Desperate for Simpler, Stronger Authentication

The FIDO Alliance Marks 1st Anniversary by Publishing Review Draft Specifications as Membership Nears 100

MOUNTAIN VIEW, CA -- (Marketwired) -- 02/11/14 -- The FIDO (Fast IDentity Online) Alliance (http://www.fidoalliance.org/), an open industry consortium delivering standards for simpler, stronger authentication, achieved a historic milestone today by releasing its first public review draft technology specifications. These open technologies have been collaboratively developed by a rapidly increasing number of the most innovative companies in the world to enable simpler, stronger authentication to scale in the market.

The Q1 2013 Forrester Wave™: Enterprise Fraud Management asserts the online services industry is seeing upwards of $200B in annual losses from password breaches and related hacks that exploit the vulnerabilities inherent in single-factor password systems. According to the Verizon 2013 Network Investigations Data Breach Report, 76 percent of network intrusions exploit weak or stolen credentials. According to Gartner, 20 to 50 percent of all help desk calls are for password resets. Forrester Research estimates help desk labor cost at $70 per password reset*. In Mobile Consumer Insights, Jumio reports that 68 percent of smartphone and tablet owners have attempted to make purchases on their device. Due to problems during the payment process, 66 percent of that group abandon transactions, and 47 percent of these said they abandoned transactions that took too long. Upon its first-year anniversary, the FIDO Alliance demonstrates momentum that attests to pent-up demand for simpler, stronger authentication that must scale, as only open industry standards can deliver.

"It is with pride that the FIDO Alliance releases the review draft specifications to the public today, before our first anniversary of starting the long overdue revolution in authentication. Congratulations to our members for their insights, expertise, and tireless dedication to delivering better authentication that is more secure, private and easier-to-use than prevailing password schemas," said FIDO Alliance president, Michael Barrett. "With today's public release of the review draft specifications, we especially welcome and anticipate new types of members coming from various enterprises. Furthermore, we encourage Relying Parties to begin testing their unique FIDO authentication needs with the commercial solutions already available from many FIDO member companies."

The FIDO Alliance also announces that its membership is approaching 100 strong, with Aetna, ARM, Dell, Discretix, IdentityX, Netflix, Next Biometrics, Oesterreichische Staatsdruckerei GmbH, Salesforce, SafeNet, Sonavation, STMicroelectronics, and Wave Systems being among the most recent companies to join as Sponsor members of the Alliance. Launched in February 2013 with six founding members, the alliance has grown rapidly with representation from every continent and every industry.

"When I first started discussing the need for a strong authentication protocol with Michael Barrett, Taher Elgamal and others many years ago, we knew we had something big on our hands," said Ramesh Kesanupalli, founder of Nok Nok Labs and FIDO visionary, "and the progress we've seen in a single year in attracting membership and delivering draft specifications signifies the need for a drastic change in the marketplace and a collective determination to accomplish it. As a founding member, Nok Nok Labs is proud to be delivering FIDO Ready solutions based on these new specifications."

FIDO standards address industry and consumer pain points by ensuring that users and online service providers have a variety of choices to select from when adopting simpler, stronger authentication alternatives to today's prevailing reliance on single-factor passwords.

"It is incumbent upon Enterprise IT to begin moving away from the world of basic username/password authentication, and we are excited to join the FIDO Alliance in shaping the future of strong authentication," said Mike D. Kail, VP of IT Operations, Netflix. "We look forward to collaborating with various sectors and industry experts and contributing experience and guidance on best security and authentication practices for Enterprise IT."

The FIDO specifications emphasize a device-centric model that reflects the Alliance's thoughtful dedication to usability, privacy and security. FIDO specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as further enable existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC). The open specifications are being designed to be extensible and to accommodate future innovation, as well as protect existing investments. FIDO specifications allow device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. The FIDO specifications complement and add value to identity federation. The improved user authentication enabled by FIDO specifications can be federated using existing industry standards such as OpenID and SAML. Committed to core privacy principles, the FIDO Alliance today published a reference whitepaper. The FIDO Alliance will continue to develop and mature the specifications with additional features and refinements based on interoperability testing and real-world deployment experience.

"Increased awareness of identity protection and the associated complexities of securely authenticating users across diverse devices and environments underscore the need for a universal authentication framework," commented Andrew Young, VP Product Management, Authentication at SafeNet. "To this end, one of the clear advantages of the FIDO approach is that it offers users a consistent experience across multiple services and user devices, a range of multi-factor schemes, and maintains privacy by using distinct authentication keys for different services. The FIDO Alliance, by helping to standardize multi-factor practices, will contribute to the formation of a broader identity framework based on greater trust and better security in both consumer and enterprise environments."

"As a leading provider of trusted identity and authentication networks and sponsor member of FIDO Alliance, SecureKey enthusiastically supports the principles of interoperable, simple and strong authentication for consumer-scale deployments, said Stu Vaeth, VP of Products, SecureKey. We look forward to delivering FIDO Ready solutions based on this specification to our customers and partners, leveraging our briidge.net™ Connect cloud-based authentication service."

"At PayPal the security of our customer's personal and financial information is our top priority, which is why we co-founded the FIDO Alliance," said Brett McDowell, FIDO Alliance vice president, and eBay Inc. Head of Ecosystem Security. "The open standards and best practices we develop in collaboration with other members of the Alliance provide our industry with an interoperable, scalable framework for delivering simpler, stronger authentication to our customers."

FIDO specifications allow device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. The FIDO Alliance will continue to develop and mature the specifications with additional features and refinements based on interoperability testing and real world deployment experience.

"IDC Financial Insights believes that most successful financial institutions in 2014 will be those that can deliver an engaging, omnichannel experience for their customers and prospects. Simple, convenient, and strong authentication is the foundation to convenience, and contributes to a channel-less experience for the end-user. The finalization and adoption of the FIDO Alliance draft specifications, shared today, can play an important role in delivering convenience," said Michael Versace, Global Research Director at IDC Financial Insights.

FIDO Alliance members are already developing FIDO Ready™ products and services based on early draft FIDO specifications. In October 2013, The FIDO Alliance began a certification program with FIDO Ready™ branding for implementations passing conformance and interoperability testing to early draft specifications. The 2014 Consumer Electronics Show (CES) revealed the first demonstrations of FIDO Ready products. Members are shaping the marketplace with FIDO specifications already in play in products like FingerQ with FIDO Ready™ components from Synaptics and FIDO Ready products from AGNITiO, Go-Trust, Nok Nok Labs, and Yubico.

FIDO members are featuring FIDO Ready products at this month's Mobile World Congress 2014 (MWC 2014), RSA Security Conference and FIDO Public Forum Event in Palo Alto California. Online Service providers who want to assess FIDO technologies are encouraged to look for the FIDO Ready(tm) certification on vendor implementations. The FIDO Certification program will continue to advance in scope and depth as the specifications mature, while adhering to a core principal of backward compatibility of FIDO infrastructure to ensure ongoing interoperability with all FIDO certified authenticators in the market.

Rob Coombs, Director of Security Marketing, ARM said: "Last year, our partners shipped over ten billion ARM-based microprocessors, the vast majority in internet-enabled devices. With the growing need to connect people and products securely to cloud services it is clear that we need to move beyond passwords for authentication. The FIDO alliance provides an excellent forum for industry to work together to provide a scalable verification architecture that can make the lives of consumers more convenient and help cloud-based services manage risk."

"Discretix' Passwordless and Second Factor User Authentication solutions are hardware-assisted and utilize the device's Trusted Execution Environment. These solutions leverage our expertise in deploying field-proven, mass-market solutions for mobile, particularly on Android devices," said Roni Sasson, Director Product Marketing at Discretix. "Simple and strong authentication is a key enabler for premium mobile services, and Discretix fully endorses the FIDO Alliance's specification and certification initiatives, and we are pleased to be an active contributor."

"As a long-time leader in semiconductors for trust and data security, STMicroelectronics recognizes the value and fully endorses the FIDO Alliance's efforts to develop an open and standardized solution for strong authentication," said Laurent Degauque, Embedded Security Marketing Director. "ST is committed to bringing its security expertise, products and solutions to bear to help the deployment of FIDO-enabled devices."

"FIDO specifications establish an authentication perimeter, so only content by consent can be accessed. As more 'things' proliferate in the Internet of Things (IoT), an authentication perimeter becomes very important to managing our world. Beyond addressing the need for password and PIN alternatives, FIDO authentication flips the model and increases both security and convenience, while ensuring privacy by placing local authentication controls entirely in the hands of the true owner. This control is essential to managing increasingly connected devices as they demand access to our data and personal content," said Tim Bajarin, president, Creative Strategies. "Generating a local signature understood by a remote service that protects both consumer and service provider from unauthorized access to owners and their data is unique. FIDO specifications flip the authentication model from user subjugation to user control with this truly revolutionary capability."

The FIDO Alliance invites all interested organizations to join and contribute their use cases and expertise to these open industry standards that will enable the next generation of authentication to online and cloud services.

About The FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was launched in February 2013 to address the lack of interoperability amongstrong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The Alliance plans to change the nature of authentication by developing standards-based specifications for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.

The FIDO Alliance Board of Directors includes leading global organizations: Blackberry®; CrucialTec (KRX: 114120); Discover Financial Services (NYSE: DFS); Google; Lenovo; MasterCard (NYSE: MA); Microsoft (NASDAQ: MSFT); Nok Nok Labs, Inc.; NXP Semiconductors N.V. (NASDAQ: NXPI); Oberthur Technologies OT; PayPal (NASDAQ: EBAY); RSA®; Synaptics (NASDAQ: SYNA); Yubico

*Note: These are widely published, referenced statements. Citations: http://static.helpsystems.com/safestone/pdfs/WP_PasswordSelfHelp.pdf and http://www.mandylionlabs.com/PRCCalc/PRCCalc.htm

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Suzanne Matick
for FIDO Alliance
831-479-1888
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
DX World EXPO, LLC, a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Conference Guru has been named “Media Sponsor” of the 22nd International Cloud Expo, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to gre...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develop...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices to ...
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
"ZeroStack is a startup in Silicon Valley. We're solving a very interesting problem around bringing public cloud convenience with private cloud control for enterprises and mid-size companies," explained Kamesh Pemmaraju, VP of Product Management at ZeroStack, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Large industrial manufacturing organizations are adopting the agile principles of cloud software companies. The industrial manufacturing development process has not scaled over time. Now that design CAD teams are geographically distributed, centralizing their work is key. With large multi-gigabyte projects, outdated tools have stifled industrial team agility, time-to-market milestones, and impacted P&L stakeholders.
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And, sharing clusters across multiple teams is even harder. Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. Thi...