Updated authentication specifications and roadmap to end the world’s reliance on passwords
TOKYO and MOUNTAIN VIEW, CALIF., December 8, 2016 – The FIDO Alliance announced today several updates in the organization’s specification portfolio and roadmap to end the world’s dependency on passwords with simpler, stronger FIDO authentication.
“The FIDO Alliance released the FIDO 1.0 specifications two years ago, which were deployed by some of the most trusted brands across the web and mobile app ecosystems. These deployments have made FIDO authentication available to more than 1.5 billion end-users to protect their online accounts from phishing, man-in-the-middle and replay attacks using stolen passwords,” said Brett McDowell, executive director of the FIDO Alliance. “To continue this momentum, the FIDO Alliance is collaborating with key industry partners to add new features and optimizations designed to bring enhanced FIDO authentication capabilities to web, desktop and mobile platforms, resulting in accelerated adoption by device manufacturers, service providers and enterprises alike.”
The FIDO authentication specifications in the roadmap announced today include:
FIDO 1.1 specifications. The FIDO Alliance has released the FIDO 1.1 specifications, which include several enhancements such as support for smart cards, Bluetooth Low Energy (BLE) and Near Field Communication (NFC), and an expanded authenticator metadata service to better serve the risk management requirements of online service providers.
W3C Web Authentication specification. Development of the Web Authentication specification is progressing steadily, with the latest working drafts released by W3C for public download and review (https://w3c.github.io/webauthn/). The Web Authentication specification, based on three technical specifications submitted to the W3C by the FIDO Alliance last year, will define a standard web API to enable web applications to move beyond passwords and offer strong FIDO authentication across all web browsers and related web platform infrastructure.
Client-to-Authenticator Protocol (CTAP). The FIDO Alliance plans to release a new specification in 2017 to enhance the user authentication experience, and announced that a draft version of the specification has been shared with the W3C for review and feedback. CTAP will enable browsers and operating systems to talk to external authenticators like USB keys, NFC- and Bluetooth-enabled devices and remove the requirement for users to re-register on every device they use. With this specification, a user could use their wearable or mobile device, for example, to log in to their computer, tablet, IoT device, etc.
User Verification Caching specification. As announced in October, the FIDO Alliance is developing a new technical specification to fulfill use cases provided by EMVCo. The specification will provide a standard way for mobile wallet providers and payment application developers to support Consumer Device Cardholder Verification Methods (CDCVM)[1], enabling consumers to conveniently use on-device FIDO® Certified authenticators – such as a fingerprint or “selfie” biometrics – to securely verify their presence when making an in-store or in-app mobile payment.
Specifications and certifications from the FIDO Alliance enable an interoperable ecosystem of on-device authenticators that can be used with compliant mobile apps and websites. Top service providers including eBay, Google, PayPal, Samsung, Bank of America, NTT DOCOMO, Dropbox, GitHub, GOV.UK Verify and Salesforce have made FIDO authentication available to protect more than 1.5 billion end-users’ online accounts. The mobile industry is rapidly adopting FIDO authentication, with FIDO® Certified solutions already available on flagship mobile devices from six of the top 10 mobile handset manufacturers. Additionally, more than 250 products are now FIDO® Certified, giving enterprises and online service providers a rich variety of interoperable FIDO authentication solutions to choose from.
About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.
The FIDO Alliance Board of Directors includes leading global organizations: Aetna, Inc. (NYSE: AET); Alibaba Holdings (NYSE: BABA); American Express (NYSE: AXP); ARM Holdings plc (LSE: ARM and NASDAQ: ARMH); Bank of America Corporation (NYSE: BAC); BC Card; CrucialTec (KRX: 114120); Daon; Egis; Feitian Technologies (XSHE: 300386); Google (NASDAQ: GOOG); Intel (NASDAQ: INTC); ING (NYSE: ING); Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY); Lenovo (NASDAQ: LNVGY); MasterCard (NYSE: MA); Microsoft (Nasdaq “MSFT”); Nok Nok Labs, Inc.; NTT DOCOMO, INC. (NYSE: DCM); NXP Semiconductors N.V. (NASDAQ: NXPI); Oberthur Technologies OT; PayPal (NASDAQ: PYPL); Qualcomm, Inc. (Nasdaq: QCOM); RSA®; Samsung Electronics, Ltd (KOSCOM: SECL); Synaptics (NASDAQ: SYNA); USAA; OneSpan (NASDAQ: VDSI); Visa Inc. (NYSE: V); Yubico.
Contact
Megan Shamas
Montner Tech PR
203-226-9290
mshamas@montner.com
[1] Consumer Device Cardholder Verification Method (CDCVM) is a type of consumer verification method (CVM) supported by the card networks that is captured and verified on the cardholder’s mobile device (e.g. biometric, passcode).