October 1, 2014

China’s online giant Alibaba endorses FIDO authentication

(Editor’s note. A consortium of 150 companies called the FIDO Alliance is pushing for adoption of a new technical specification that could be the basis for biometric sensors, and other devices, to begin to widely replace passwords for accessing online accounts and services. FIDO stands for Fast IDentity Online. The alliance is led by PayPal, Samsung, Lenovo, Google and MasterCard. In this guest essay, Ramesh Kesanupalli, founder of Nok Nok Labs, outlines the significance of Alibaba recently embracing FIDO.)

Recent events have made the security shortcomings of passwords painfully clear. Not only are passwords easily stolen, phished and guessed, they can also be hard to remember and difficult to type on mobile devices. And because people often use the same password for multiple accounts, a single attack can compromise several sites or applications.

For roughly the past two years, the FIDO Alliance has been making progress on a solution for the long haul. FIDO refers to a new technical specification for strong authentication that is more secure, private and easier-to-use than passwords. FIDO standards leverage the unique characteristics stored on a security chip, biometric sensor or hardware device to authenticate the identity of an individual.

FIDO could pave the way for wider use of a variety of biometric systems to affirm one’s identity. Last February, FIDO consortium members PayPal, Samsung, Synaptics, and Nok Nok Labs introduced an innovative service that shows the promise of this new approach. Synaptics incorporated its FIDO Ready™ biometric fingerprint sensors in Samsung’s latest line of mobile devices. And PayPal stepped forward to became the first company to implement secure payments using FIDO authentication with Nok Nok Labs servers. This service is available to PayPal users on a range of Samsung devices, starting with the Galaxy S5.

Last week marked another major advance in FIDO adoption. China’s Alibaba Group joined the FIDO Alliance, following the previous announcement that Alipay; an Alibaba group company, had launched a pioneering FIDO authentication service.

Alipay is one of the world’s largest online markets, and will leverage Nok Nok Labs’ FIDO Ready solution to deploy secure payments, based on FIDO authentication, to 600 million users.

Alibaba recognizes the opportunity to usher in the next evolution of Internet commerce, moving beyond the insecurity of passwords that threaten to impede the adoption of online and mobile platforms.

This is a major milestone. It signifies Asia’s awakening to the value of standards-based strong authentication, and it is a validation of the critical need for FIDO authentication.

The realms requiring user authentication are rapidly expanding – from Internet to mobile and POS, (Point of Sale) and on to smart buildings and the Internet of Things. FIDO authentication is ready for the interoperable future of authentication that must accommodate a veritable world of user choice and context-aware security.

Companies prepared with FIDO authentication are poised to take advantage of future authentication mechanisms, new devices and opportunities without undertaking the pain of deploying new authentication infrastructure.

Already, two of the world’s foremost payments providers – PayPal and Alipay – are demonstrating how to take advantage of vast FIDO capabilities already available in the marketplace.

There are hundreds of millions of FIDO Ready user devices and products in the marketplace, including face, voice, or fingerprint biometrics and hardware tokens, all ready to be leveraged to eliminate the pain and insecurity of traditional passwords.

It will be fascinating to see who becomes the next to move beyond passwords to implement FIDO authentication.

NOTE: The FIDO Alliance will be in Asia for the first time, hosting seminars for prospective members in Seoul, Korea and Tokyo, Japan on October 6th and 10th respectively.

More on emerging best practices

3 steps for figuring out if your business is secure

Encryption rules ease retailers’ burden

Tracking privileged accounts can thwart hackers

Impenetrable encryption locks down Internet of Things

MORE Building the Business Case

The Value of Certification

Hear from FIDO’s Dr. Rae Rivera about the value of...

October 26, 2021

White Paper: Choosing FIDO Authenticators for Enterprise Use Cases

Secure access to online applications and services has evolved into...

September 21, 2021

World’s Largest Tech Companies Drive FIDO Alliance’s New User Experience Guidelines

By Andrew Shikiar, Executive Director and Chief Marketing Officer, FIDO...

June 23, 2021

FIDO Recognition for European Digital Identity Systems and eIDAS Grows

Contributed by Sebastian Elfors, Senior Solutions Architect, Yubico Recognition of...

March 29, 2021
Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.