Momentum is building for Fido, an open security authentication concept that aims to allow users to replace passwords with a range of authentication methods, including NFC and biometrics. Both Google and NXP have now signed up to the project, alongside founder members that include PayPal and Lenovo.
The Fido (Fast IDentity Online) Alliance has announced that Google and NXP have joined the group, which is working on an open technical specification for strong user authentication.
The pair join founder members Lenovo, PayPal, Agnitio, Infineon Technologies, Nok Nok Labs and Validity plus more recent members Crocus Technology, Diamond Fortress and CrucialTec.
"The Fido standard will support a full range of technologies, including biometrics such as fingerprint scanners, voice and facial recognition, as well as existing authentication solutions and communications standards such as trusted platform modules (TPM), USB security tokens, near field communication (NFC), one time passwords (OTP) and many other existing and future technology options," the Alliance says. "The open protocol is designed to be extensible and to accommodate future innovation, as well as protect existing investments."
"The internet requires users to confirm their identity to log on and access many online accounts and services," the Alliance explains. "Current password authentication is weak due to reuse, malware and phishing, and leaves enterprises and end users vulnerable to financial and identity theft. Fido's standards-based approach automatically detects when a Fido-enabled device is present, and offers users the option to replace passwords with authentication methods that are more secure and easier to use."
"Though many authentication systems and point solutions existed before the Fido Alliance, they have been proprietary, difficult and costly to manage, and/or insufficient to scale," the group adds. "The Fido Alliance's objective is to be all-inclusive, embracing both existing and new authentication methods and hardware with the Fido open protocol. Fido-compliant smartphones, tablets, PCs and laptops can replace password dependency and exposure of sensitive user information by automatically and transparently providing user credentials when they're required."
"By giving users choice in the way they authenticate and taking an open-based approach to standards, we can make universal online authentication a reality," says Michael Barrett, president of the Fido Alliance and chief information security officer at PayPal. "We want every company, vendor, and organization that needs to verify user identity to join us in making online authentication easier and safer for users everywhere."