Momentum for FIDO Authentication Leads Evolution Beyond Passwords

Written by Josh Yim on . Posted in News & Events, Press Releases

200+ FIDO Certified products are now available for simpler, stronger authentication

Mountain View, Calif., June 15, 2016 – Now is the time for world to stop relying on passwords. This is clear as 63 percent of all data breaches involve the use of stolen, weak, or default passwords, while the recent LinkedIn, Myspace, Tumblr and Fling password leaks left 642 million accounts compromised and millions scrambling to change the old, simple passwords that they reuse across applications. Technology and service providers agree, and are backing a new standard to solve the password problem: FIDO strong authentication.

The FIDO Alliance is the cross-industry consortia that provides a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables web service providers to deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.

The Alliance today announced a number of proof points highlighting the global adoption of FIDO authentication over the past 18 months since the FIDO specifications were released, and a mere 12 months since the launch of the FIDO® Certified program:

The number of FIDO Certified products continues to expand.
More than 200 products from global technology leaders are now FIDO Certified, the Alliance announced today, giving service providers a diverse and flexible range of turnkey options to deploy FIDO standards. This represents a 100-percent increase since the start of 2016.

Organizations with new FIDO Certified products announced today include: Austria Card; Aware, Inc.; Beijing SHENQI Technology Co. Ltd.; Century Longmai Technology Co., Ltd; Coolpad Group Limited; Goodix; GOTrust Technology Inc.; IDEX; Infineon Technologies; INITECH Co., Ltd.; Institute for Information Industry; KDDI CORPORATION; KONA I Co., Ltd; Koscom Corporation; KT; KYOCERA Corporation; Ledger; LeEco; Lenovo; LG Uplus; Lightfactor; Neoframe, Inc.; Open Security Research (OSR); Penta Security Systems Inc.; Safran Identity & Security; SGA Solutions Co., Ltd.; Shenzhen Excelsecu Data Technology Co., Ltd; VASCO Data Security International; Yubico.

These latest certifications include the first FIDO Certified products that support Bluetooth® for wireless strong authentication. With these products, the Bluetooth authenticator needs only to be near a Bluetooth-enabled device for the user to be strongly authenticated to web apps on that device.

More details on the latest FIDO Certified products and updates to the program are the focus of a June 23rd FIDO Alliance webinar at 2 pm EDT. To register, visit https://fidoalliance.org/events/fido_certification_validating_next_generation_auth/.

FIDO authentication is increasingly available for online authentication.
FIDO authentication is now enabled on devices from the top five global handset manufacturers. Additionally, service providers including GooglePayPalSamsungBank of AmericaNTT DOCOMODropbox, GitHub and GOV.UK Verify have made FIDO authentication available to protect hundreds of millions of end-users’ desktop and mobile apps, while RSA and eBay are among the many companies that have launched FIDO Certified solutions to facilitate enterprise and commercial deployments.

Coming soon: Microsoft also will be integrating FIDO into Windows 10 for passwordless authentication, while the FIDO Alliance is working with the World Wide Web Consortium (W3C) to standardize FIDO strong authentication across all web browsers and related web platform infrastructure.

Service providers are realizing the benefits from deploying FIDO.
In a recently-published two-year study of its FIDO deployment with security keys, Google revealed that using FIDO strong authentication is markedly faster than other strong authentication methods, has zero authentication failures, reduces hardware and support costs over one-time password (OTP) tokens, and provides all of the necessary privacy and security protections from phishing and man-in-the-middle attacks.

According to Google, “our users have been very happy with the switch: we received many instances of unsolicited positive feedback.”

FIDO strong authentication is simpler than other options.
FIDO authentication is much simpler than remembering all kinds of passwords or other forms of strong authentication. The user simply needs to look at something (iris scan, facial recognition), touch something (fingerprint sensor, security key, wearable), say something (voice recognition) to be securely authenticated to any online service that supports FIDO. For security, FIDO uses public key cryptography and is strongly resistant to phishing, while user credentials and biometric templates are never stored on servers and never leave the user’s device.

“When we started tackling the password problem, we knew that our solution first and foremost would have to be based on proven security to stop the ongoing onslaught of data breaches,” said Brett McDowell, executive director of the FIDO Alliance. “Second, users will have to actually want to use it. And third, it would have to be an open industry standard so it could become ubiquitously adopted by the whole internet ecosystem. This is what we have designed with FIDO, and as the adoption momentum demonstrates, we are well on the path towards that ubiquity.”

Learn more about the FIDO Alliance, FIDO standards and certification at www.fidoalliance.org.

About FIDO® Certified
FIDO certification testing is based on industry-standard best practices to objectively evaluate technical implementations of the FIDO specifications. FIDO certification is open to all who want to offer FIDO authentication in products and services compliant with FIDO specifications. There are two options for FIDO certification testing: interoperability testing events or on-demand testing.

The next FIDO Certified interoperability testing events will take place on August 30, 2016 for FIDO U2F and August 31 and September 1, 2016 for FIDO UAF. Subsequent testing sessions will occur approximately every 90 days or as demand dictates. Detailed information about the program and testing registration may be found at the FIDO Alliance website.

On Demand Testing has been introduced as an alternative to attending interoperability events. On Demand Testing is available year-round, with three options: virtual; shipped; and in-person. For more details, visit the FIDO Alliance website.

About the FIDO Alliance
The FIDO Alliance,www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.

The FIDO Alliance Board of Directors includes leading global organizations:Aetna, Inc. (NYSE: AET);Alibaba Holdings (NYSE: BABA);American Express (NYSE: AXP);ARM Holdings plc (LSE: ARM and NASDAQ: ARMH);Bank of America Corporation  (NYSE:BAC);BC Card;CrucialTec (KRX: 114120);Daon; Egis;Google (NASDAQ: GOOG);Intel (NASDAQ: INTC);ING (NYSE: ING);Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY);Lenovo (NASDAQ: LNVGY);MasterCard (NYSE: MA);Microsoft (Nasdaq: “MSFT”);Nok Nok Labs, Inc.;NTT DOCOMO, INC. (NYSE: DCM);NXP Semiconductors N.V. (NASDAQ:NXPI);Oberthur Technologies OT;PayPal (NASDAQ:PYPL);Qualcomm, Inc. (Nasdaq: QCOM);RSA®;Samsung Electronics, Ltd (KOSCOM: SECL);Synaptics (NASDAQ: SYNA);USAA;VASCO Data Security International, Inc.  (NASDAQ: VDSI);Visa Inc. (NYSE: V);Yubico.
 
Contact
Megan Shamas
Montner Tech PR
203-226-9290
mshamas@montner.com