FIDO Alliance 2019 Progress Report: FIDO Authentication for Simpler, Stronger Web Logins Now Ready for Rollout on Billions of Consumer Devices
Platform enablement, new work areas and deployments
show continued momentum for FIDO Alliance
TOKYO, December 5, 2019 — 2019 was a year of strong progress for the FIDO Alliance in realizing its mission to make secure and convenient logins available to web service providers and users across the globe, the Alliance said today in its 2019 progress report.
FIDO platformization makes simpler, stronger authentication available to billions
2019 was the year of FIDO platformization, with leading platforms and web browsers adding support for FIDO Authentication out-of-the-box. This support allows websites to enable FIDO-based logins via a simple API call on billions of devices consumers use every day.
Highlights of this year’s FIDO enablement progress include:
- WebAuthn, the web API portion of the Alliance’s FIDO2 specifications, became an official W3C web standard
- Browser support for FIDO2 was introduced for Google Chrome, Microsoft Edge, Mozilla Firefox, Apple Safari and Opera
- Google received FIDO2 certification for the Android 7.0+ platform, which makes FIDO available for use in all Android mobile devices operating on Android 7 or later
- Microsoft achieved FIDO2 certification for Windows Hello, which makes FIDO available on any Windows 10 device
“We know that realizing the FIDO Alliance’s mission to move the world beyond the password ‘shared secret’ model of authentication requires making FIDO a ubiquitous feature across all of the devices, operating systems and browsers we use every day. Given the platform enablement progress of this year, we are well on our way to that ubiquity,” said Andrew Shikiar, executive director and chief marketing officer of the FIDO Alliance. “Never before have service providers and developers had the ability to enable convenient, cryptographically secure authentication to a user base this broad. Service providers are now taking advantage of these new capabilities on a global scale.”
Leading service providers tapping into the power of FIDO Authentication
As platform enablement grew in 2019, service providers continued their FIDO rollouts across mobile and web applications on a global scale. This includes these notable developments:
- Intuit rolled out FIDO passwordless authentication across its mobile apps, reducing sign-in time by 78% and successfully authenticating 99.9% of the time, compared to 80-85% for SMS-based multi-factor authentication
- Microsoft made FIDO Authentication a fundamental component in its efforts to provide users a seamless, password-free login experience. Most recently, Microsoft rolled out FIDO-based passwordless sign-in for Azure Active Directory (Azure AD)
- Building upon their prior FIDO innovations, NTT DOCOMO announced d ACCOUNT Passwordless Authentication — the option to disable password logins and set accounts to login via FIDO biometric authentication only
- The General Services Administration (GSA) enabled FIDO Authentication for login.gov, its single sign-on website for the U.S. public and federal employees to interface and transact with federal agencies online
- The National Health Service (NHS) in the United Kingdom released open source code for developers to add FIDO biometric security for app login
- Google continued to add FIDO support across its platforms, including the ability to use Android phones as a physical security key and built-in Chromebook support.
- LINE Pay became the first mobile payment app to support FIDO2, allowing users to simply scan their fingerprint or face to authenticate themselves or confirm transactions
New work areas address adjacent technology areas to advance FIDO adoption
Earlier this year, the FIDO Alliance launched new work areas in the Internet of Things (IoT) and identity verification and binding. These initiatives build upon the Alliance’s ongoing focus on driving the efficacy and market adoption of FIDO Authentication by addressing adjacent technology areas that leave security vulnerabilities on the web.
The Alliance aims to strengthen identity verification assurance to support better account enrollment and recovery, and automate secure device onboarding to remove password use from IoT. The Alliance has formed two new working groups: the Identity Verification and Binding Working Group (IDWG) and the IoT Technical Working Group (IoT TWG) to establish guidelines and certification criteria in these areas.
New perspectives and participants
The ongoing growth of the FIDO ecosystem was reflected through many new FIDO Alliance members in 2019. These include sponsor-tier organizations AdNovum Informatik AG, FIME SAS, the government of Thailand, IBM, IDNow GmbH, Imagination Technologies, Intuit, Jumio Corporation, the Mitre Corporation, Phoenix Technologies Ltd., Ping Identity, and Secure Identity, LLC (CLEAR).
Looking Ahead to 2020
In the coming year, the FIDO Alliance will continue enabling FIDO rollouts with best practices documentation and developer-focused initiatives. The Alliance is also debuting a new conference, Authenticate, focused on FIDO Authentication and the surrounding ecosystem of technologies, innovations and adopters.The inaugural event will be held June 2-3, 2020 in Seattle, WA.
TWEET THIS: 2019 Progress Report: #FIDO standards for simpler, stronger web logins are well on their way to ubiquity thanks to a year of strong progress incl. platformization, official standardization & broad support https://fidoalliance.org/fido-alliance-2019-progress-report
About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.
Montner Tech PR