China’s online giant Alibaba endorses FIDO authentication

Written by admin on . Posted in News

(Editor’s note. A consortium of 150 companies called the FIDO Alliance is pushing for adoption of a new technical specification that could be the basis for biometric sensors, and other devices, to begin to widely replace passwords for accessing online accounts and services. FIDO stands for Fast IDentity Online. The alliance is led by PayPal, Samsung, Lenovo, Google and MasterCard. In this guest essay, Ramesh Kesanupalli, founder of Nok Nok Labs, outlines the significance of Alibaba recently embracing FIDO.)

Recent events have made the security shortcomings of passwords painfully clear. Not only are passwords easily stolen, phished and guessed, they can also be hard to remember and difficult to type on mobile devices. And because people often use the same password for multiple accounts, a single attack can compromise several sites or applications.

For roughly the past two years, the FIDO Alliance has been making progress on a solution for the long haul. FIDO refers to a new technical specification for strong authentication that is more secure, private and easier-to-use than passwords. FIDO standards leverage the unique characteristics stored on a security chip, biometric sensor or hardware device to authenticate the identity of an individual.

FIDO could pave the way for wider use of a variety of biometric systems to affirm one’s identity. Last February, FIDO consortium members PayPal, Samsung, Synaptics, and Nok Nok Labs introduced an innovative service that shows the promise of this new approach. Synaptics incorporated its FIDO Ready™ biometric fingerprint sensors in Samsung’s latest line of mobile devices. And PayPal stepped forward to became the first company to implement secure payments using FIDO authentication with Nok Nok Labs servers. This service is available to PayPal users on a range of Samsung devices, starting with the Galaxy S5.

Last week marked another major advance in FIDO adoption. China’s Alibaba Group joined the FIDO Alliance, following the previous announcement that Alipay; an Alibaba group company, had launched a pioneering FIDO authentication service.

Alipay is one of the world’s largest online markets, and will leverage Nok Nok Labs’ FIDO Ready solution to deploy secure payments, based on FIDO authentication, to 600 million users.

Alibaba recognizes the opportunity to usher in the next evolution of Internet commerce, moving beyond the insecurity of passwords that threaten to impede the adoption of online and mobile platforms.

This is a major milestone. It signifies Asia’s awakening to the value of standards-based strong authentication, and it is a validation of the critical need for FIDO authentication.

The realms requiring user authentication are rapidly expanding – from Internet to mobile and POS, (Point of Sale) and on to smart buildings and the Internet of Things. FIDO authentication is ready for the interoperable future of authentication that must accommodate a veritable world of user choice and context-aware security.

Companies prepared with FIDO authentication are poised to take advantage of future authentication mechanisms, new devices and opportunities without undertaking the pain of deploying new authentication infrastructure.

Already, two of the world’s foremost payments providers – PayPal and Alipay – are demonstrating how to take advantage of vast FIDO capabilities already available in the marketplace.

There are hundreds of millions of FIDO Ready user devices and products in the marketplace, including face, voice, or fingerprint biometrics and hardware tokens, all ready to be leveraged to eliminate the pain and insecurity of traditional passwords.

It will be fascinating to see who becomes the next to move beyond passwords to implement FIDO authentication.

NOTE: The FIDO Alliance will be in Asia for the first time, hosting seminars for prospective members in Seoul, Korea and Tokyo, Japan on October 6th and 10th respectively.

More on emerging best practices

3 steps for figuring out if your business is secure

Encryption rules ease retailers’ burden

Tracking privileged accounts can thwart hackers

Impenetrable encryption locks down Internet of Things