Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / One Step Closer to End of Passwords
One Step Closer to the End of Passwords
One Step Closer to the End of Passwords
By Dan Heilman / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Are usernames and passwords soon to be a thing of the past? If advancements in cryptography proceed at their recent pace, they might be. The Mountain View, California-based FIDO Alliance, an industry group pushing for an alternative to username and password logins, this week published final specifications of a universal standard for accessing sites and online services more securely.

Using the efforts of current and former executives from such tech giants as Google, PayPal and eBay, FIDO (short for Fast IDentity Online) would like to see a world of products that allow users to log in with the use of public key cryptography protocols that are far tougher difficult to hack than username and password.

Two Sets

FIDO published final 1.0 drafts of its two specifications: Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). FIDO 1.0 mandates interoperability between the hardware that verifies the user's identity, such as a phone or a USB device, and the back-end software run by the site the user is logged into. It would work similar to the way USB and Wi-Fi certification allows devices from numerous vendors to work seamlessly together.

"The fact that the FIDO Alliance was able to develop complete specifications so quickly and with such broad support is evidence that they are tackling a pervasive industry pain point," said Steve Wilson, vice president and principal consultant at Constellation Research.

"What's most impressive is the FIDO Alliance's focus on the authentication plumbing. The protocols enable trusted client devices to trade just the right data about their users. FIDO specifications aren't tangled up in messy identity policy decisions. It should drive a lot of the classic complexity out of the identity management space."

A Verizon Data Breach Investigations Report recently reported that weak or stolen login credentials were a factor in more than 76 percent of the breaches analyzed. Related reports say that the volume and severity of data breaches is continuing to rise, with centralized data sets of personal and sensitive information being the most targeted and most vulnerable to scaled attacks.

FIDO said that by responding to the risk and loss perpetuated by prevailing password systems, its specifications define an open, scalable, interoperable set of strong authentication mechanisms that reduce tech users' decades-long reliance on single-factor username and password logins.

Different Strengths

The specifications outline a new standard for devices, servers and client software, including browsers, browser plug-ins, and native app subsystems. Any Web site or cloud application can interface with several existing and future FIDO-enabled authenticators such as biometrics and hardware tokens. Those can then be used by consumers, enterprises, service providers and other organizations.

The core 1.0 specifications are final. FIDO said it is almost done with extensions that will incorporate near-field communication and Bluetooth into the range of FIDO capabilities. The organization that said evolving specifications based on new requirements and deployment experience will help guarantee ongoing alignment of FIDO standards with demands in the consumer devices, online services and enterprise markets.

Tell Us What You Think


Posted: 2014-12-10 @ 12:02pm PT
As long as Google, PayPal and eBay do not use the data to track users, it could be a good idea.

Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.