FIDO Authentication Poised for Continued Growth as Alliance Submits FIDO 2.0 Web API to W3C
FIDO Alliance, W3C Partner on Expanding Support for Web PlatformTokyo, Japan and Mountain View, Calif., – November 20, 2015… The FIDO® (Fast IDentity Online) Alliance (http://fidoalliance.org/), an industry consortium launched in 2013 to revolutionize online security with open standards for simpler, stronger authentication, today announced at a FIDO seminar in Tokyo that tens of millions of FIDO-based devices are now in use to protect end-user and enterprise accounts with strong, cryptographic-based authentication at major relying parties such as Google, PayPal, NTT DOCOMO, INC., Bank of America, Dropbox, and GitHub. With 72 FIDO Certified products, nearly 250 Alliance member organizations from around the world including US, UK, and German government agencies, and more than a dozen trade association partners, the market is clearly saying now is the time to deploy FIDO authentication to modernize outdated password systems. To carry this momentum into 2016, the FIDO Alliance today submitted to the World Wide Web Consortium (W3C), the international standards organization for the World Wide Web, a set of three technical specifications required to define a standard Web-based API designed to increase FIDO’s existing desktop, Chrome, Android and iOS reach to support other platforms. This FIDO-built Web API is intended to ensure standards-based strong authentication across all Web browsers and related Web platform infrastructure. “FIDO specifications define a unified mechanism to use cryptographic credentials for unphishable authentication on the Web. The specifications enable a wide variety of user experiences and modalities,” said Sampath Srinivas, vice president of FIDO Alliance. “We are very excited about today’s announcement and what it means for the future of ubiquitous unphishable FIDO authentication on the Web.” W3C will now have change control of this API, with ongoing collaboration from FIDO Alliance member companies and other web ecosystem stakeholders. W3C is proposing a new Web Authentication Working Group to its membership. The FIDO Alliance will support the adoption of this W3C published Web API through the established FIDO Certification Program. “The mission of the FIDO Alliance has always been stronger, simpler authentication: stronger to help protect data, and simpler to address the problems users face trying to create and remember multiple usernames and passwords. In order to achieve this mission, FIDO authentication needs to be available everywhere…on all the devices you use and with all of the apps & services you use,” said FIDO Alliance president Dustin Ingalls. “With FIDO support in the browser and in the platform, it will be easier than ever for apps and services to take full advantage of FIDO authentication helping to free the world from passwords. Today’s announcement showcases how the work we’ve been doing in FIDO 2.0, and the submissions we are making to W3C will help us meet our goal of enabling FIDO authentication everywhere.” FIDO’s Web APIs highlight the Alliance’s mission to submit mature technical specifications to recognized standards development organizations (SDOs) for formal standardization. The FIDO Alliance’s W3C submission is the first time the Alliance has chosen to submit their specifications to an external SDO. “Standardizing strong authentication in the Web Platform will help us to improve user and application security by moving beyond passwords. We thank FIDO Alliance members for bringing their work to W3C,” said Wendy Seltzer, W3C Technology and Society Domain Lead. The submission to W3C also supports the Alliance’s goal to produce technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users, and to operate industry programs to help ensure successful worldwide adoption of the FIDO specifications. “What we submitted to the W3C are the Web API components; the rest of the FIDO 2.0 work remains within the FIDO Alliance and is still in development,” said Brett McDowell, executive director of the FIDO Alliance. “The FIDO Alliance’s strategy has always hinged on the idea that every device you purchase will come with FIDO standards support built-in, just as we see today with standards like Bluetooth or Wi-Fi. The FIDO 2.0 work is very well aligned to that strategy, and we encourage OEMs to begin planning their device support for these capabilities.” FIDO’s momentum highlights a 2015 that can be described as the year of major deployments at Internet scale. This adoption speaks to the growing acceptance of standards-based FIDO protocols by an Internet-user base motivated to extinguish the reliance on passwords that have been at the heart of ongoing mega breaches. The evolution of FIDO Alliance protocols will further enhance the continuing roll-out and acceptance of FIDO-backed strong authentication and will bring additional platforms and authentication form factors to the market. Those that have already adopted FIDO-based public key cryptography are quickly realizing the benefits. “It’s been a pleasure to work with, and within, the FIDO Alliance to create a world that is no longer dependent on passwords,” said Koichi Moriyama, Senior Director of Product Innovation, Product Department, NTT DOCOMO, INC., and FIDO Alliance board member. “FIDO standards have been working extremely well for DOCOMO branded devices and services since our commercial launch in May. We are very excited about the prospect of providing more FIDO-enabled devices and services to our customers through the extended reach of FIDO 2.0 and W3C. We will definitely continue to work with FIDO Alliance to realize the vision of delivering a superior end-user experience by eliminating passwords with FIDO authentication’s enhanced security features.” About The FIDO Alliance The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services. The FIDO Alliance Board of Directors includes leading global organizations: Alibaba Holdings (NYSE: BABA); American Express (NYSE: AXP); ARM Holdings plc (LSE: ARM and NASDAQ: ARMH); Bank of America Corporation (NYSE:BAC); CrucialTec (KRX: 114120); Daon; Discover Financial Services (NYSE: DFS); Egis; Google (NASDAQ: GOOG); Intel (NASDAQ: INTC); ING (NYSE: ING); Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY); Lenovo (NASDAQ: LNVGY); MasterCard (NYSE: MA); Microsoft (Nasdaq “MSFT”); Nok Nok Labs, Inc.; NTT DOCOMO, INC. (NYSE: DCM); NXP Semiconductors N.V. (NASDAQ:NXPI); Oberthur Technologies OT; PayPal (NASDAQ:PYPL); Qualcomm, Inc. (Nasdaq: QCOM); RSA®; Samsung Electronics, Ltd (KOSCOM: SECL); Synaptics (NASDAQ: SYNA); USAA ; OneSpan (NASDAQ: VDSI); Visa Inc. (NYSE: V); Yubico. Media Contact: Megan Shamas for FIDO Alliance (203) 226-9290 [email protected]
The Verge: You can now sign into a Microsoft Account without a password using a security key
Microsoft is the first company to support passwordless authentication using...November 20, 2018
Bank Info Security: State of the Authentication Landscape
In this Bank Info Security article, Shane Weeden, an authentication...November 6, 2018
Tech Target: How can U2F authentication end phishing attacks?
Tech Target reports on Google’s adoption of FIDO U2F security...November 5, 2018