December 18, 2018

FIDO Alliance Specifications Now Adopted As ITU International Standards

MOUNTAIN VIEW, Calif., DECEMBER 18, 2018 — The FIDO Alliance, the industry consortium developing open, interoperable authentication standards, announced today that two of its specifications are now recognized as international standards by the International Telecommunication Union’s Telecommunication Standardization Sector (ITU-T). This milestone establishes FIDO UAF 1.1 and CTAP as official ITU standards (ITU-T Recommendations) for the global infrastructure of information and communication technologies (ICT).

ITU-T is the standardization arm of ITU, the United Nations specialized agency for ICT. The FIDO Alliance went through a thorough process before its specifications were approved as official ITU-T Recommendations by ITU members including national administrations and the world’s front-running ICT companies. The new ITU-T Recommendations are under the responsibility of ITU’s standardization expert group for security, ITU-T Study Group 17.

“The FIDO Alliance is working to improve online authentication through open standards based on public key cryptography that make authentication stronger and easier to use than passwords or OTPs. One of the ways that we fulfill this mission is by submitting our mature technical specifications to internationally recognized standards groups like ITU-T for formal standardization,” said Brett McDowell, executive director of the FIDO Alliance. “This recognition from ITU-T, arguably the highest bar in ICT standardization, illustrates the maturity of FIDO authentication technology and complements our web standardization work with the World Wide Web Consortium (W3C).”

“ITU-T Study Group 17 will continue to strengthen its collaboration with the FIDO Alliance. These two FIDO Alliance specifications, adopted as ITU standards recently, are being widely used in various industries such as the financial sector to provide strong online authentication based on public key cryptography and various user verification methods,” said Heung Youl Youm, Chairman of ITU-T Study Group 17. “These new ITU standards will provide a concrete basis for the two FIDO specifications to be adopted across the 193 ITU Member States.”

“Our working group within ITU-T Study Group 17 was pleased to be able to collaborate with the FIDO Alliance to promote the standardization of state-of-the-art security technologies,” said Abbie Barbir, Rapporteur for ITU’s working group on ‘Identity management architecture and mechanisms’ (Q10/17). “This work will help address and solve the security limitations of passwords.”

The specifications that are now ITU-T Recommendations are:

  • FIDO UAF 1.1 (Recommendation ITU-T X.1277). A mobile standard providing authentication without passwords by using biometrics and other modalities to authenticate users to their local device.
  • CTAP (Recommendation ITU-T X.1278). Part of FIDO2 specifications along with the W3C Web Authentication standard, CTAP includes FIDO U2F 1.2 and allows the use of external authenticators (FIDO Security Keys, mobile devices) for authentication on FIDO2-enabled browsers and operating systems over USB, NFC, or BLE for a passwordless, second-factor or multi-factor authentication experience.

For more information on the FIDO Alliance and FIDO Authentication, visit http://www.fidoalliance.org.

About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

MORE Building the Business Case


Javelin Research’s State of Strong Authentication 2019 Report

As data breaches and increasingly sophisticated phishing attacks continue to...

February 8, 2019

Javelin Research’s State of Strong Authentication 2019 Report

As data breaches and increasingly sophisticated phishing attacks continue to...


Google Case Study

From Google’s perspective, defending against phishing is the key to...

Download Specs