It always seems that whether a company uses encryption, hash functions or other security measures, hackers find a way to break through. In October, Adobe’s security breach compromised more than 38 million user IDs and passwords. In April, LivingSocial’s database was hacked, compromising the personal data of more than 50 million users. And just this month, more than two million passwords were stolen from sites such as Facebook, Google, LinkedIn, Twitter and Yahoo. Also, Target faced a security breach that affected approximately 40 million accounts, the fallout of which remains to be fully understood.
Over time, online security methods have improved and companies continue to urge users to create more secure passwords, but is that enough?
One organization, the Fast Identity Online Alliance (FIDO), is working toward changing the nature of online authentication and reducing the reliance on passwords to authenticate users. The core ideas driving FIDO are ease of use, privacy, security and standardization.
“Consumers are struggling to maintain control of their online identities,” said Michael Barrett, president of the FIDO Alliance, which was formed in July 2012. “They can’t remember the passwords they have, and so they can’t get into their own accounts when they need to.”
The problem, Barrett explained, is that when a user’s password and information are compromised during a security breach, the user may change his or her password, but everywhere else the user applied that old password is now compromised.
One way the alliance is striving to create easier and stronger user authentication methods is by working with its members to create products considered “FIDO Ready.” Although these products haven’t come to market yet, the group recently announced they will be demonstrated at the 2014 International Consumer Electronics Show (CES) in Las Vegas on Jan. 7-10.
“In less than a year, FIDO Alliance specifications have enabled several of our members to produce some remarkable innovative authentication products,” Barrett said. “Participants at CES will benefit from hands-on experience of how open FIDO standards will work to enable truly novel strong authentication technologies. With FIDO specifications, users have a choice of devices and solutions that interoperate and make authentication easier to use, more secure and private.”
FIDO Ready products include voice recognition, fingerprint authentication, iris verification and more from companies such as AGNITIO, FingerQ, GO-Trust, Infineon, Nok Nok Labs, Synaptics and Yubico.
FIDO is also looking to strengthen user authentication through existing solutions and communications standards such as Trusted Platform Modules, USB security tokens, embedded Secure Elements, smart cards, Bluetooth low energy, and near field communication.
“When compared to the current passwords, FIDO is much more secure,” said the alliance’s website. “FIDO security will be at least as good as current proprietary commercial security options, but FIDO will be more broadly available because the costs will be lower.”
All FIDO technology is developed and reviewed by experienced security professionals, and it is designed to resist man-in-the-middle, phishing and replay attacks.
FIDO board members include BlackBerry, CrucialTec, Discover, Google, Lenovo, MasterCard, Microsoft, Nok Nok Labs, Oberthur Technologies, PayPal, Validity and Yubico.
“Joining the FIDO Alliance board of directors is a logical step for us as a way to serve our customers and the community,” said David Treadwell, a corporate vice president at Microsoft. “As a contributor to the FIDO Alliance working groups on next-generation authentication, we look forward to furthering our innovation and thought leadership in the identity space.”