Google Launches Security Key, World’s First Deployment of Fast Identity Online Universal Second Factor (FIDO U2F) Authentication
Google Chrome becomes First Web Browser to Implement FIDO Alliance Authentication Standards
Mountain View, Calif.– October 21, 2014…The FIDO (Fast IDentity Online) Alliance (http://fidoalliance.org/), a global industry consortium delivering open standards for simpler, stronger authentication, is announcing that Google is the latest member organization to deploy support forFIDOAlliance authentication standards.
Also today, Google Chrome became the first web browser to implement support for FIDO Alliance authentication standards, opening the door for any website to deploy simpler, stronger FIDO U2F authentication to users of the world’s most popular web browser.
Google announced that they are strengthening their 2-Step Verification by offering support for Security Key, a FIDO Ready™ U2F compliant physical USB second factor device that offers a simpler, stronger alternative to today’s six digit one-time passcodes (OTP). Google’s new Security Key solution offers even more protection for their most security-sensitive users. Rather than typing a code, the user just inserts a Security Key into their computer’s USB port and taps it when prompted in the Google Chrome browser. When signing into a Google Account this way, users can be assured that their second factor cannot be phished, because Security Key doesn’t provide its cryptographic signature when a fake site is attempting to impersonate a Google sign-in page in Chrome. Chrome incorporates the open FIDO Universal 2nd Factor (U2F) protocol, so other websites with account login systems can now build support for FIDO U2F into their web applications and instantly enable this experience for their users who run Chrome. Security Key works with Google Accounts at no charge, and users can buy a compatible USB device directly from any tested and approved FIDO Ready U2F vendor.
“We’re glad to participate in the FIDO Alliance, and to bring FIDO U2F support to Google and to Chrome,” said Sampath Srinivas, Product Management Director at Google and FIDO Alliance board member.
“We congratulate Google for making FIDO U2F authentication an option for their users,” said Michael Barrett, president of the FIDO Alliance. “With large scale deployments of FIDO UAF in payments applications from PayPal, Samsung, AliPay, Nok Nok Labs, and Synaptics, and today’s announcement of FIDO U2F authentication by Google, there is no doubt that a new era has arrived. We are starting to move users and providers alike beyond single-factor passwords to more secure, private, easy-to-use FIDO authentication.”
“Secure element ICs revolutionized security for banking cards, ePassports and mobile payment,” said Sami Nassar, Vice President and General Manager of Cyber Security Solutions at NXP Semiconductors. “Today, through the FIDO U2F authentication protocol, secure element ICs bring a new level of security to user authentication for enterprise networks and consumer cloud services.”
“Browser support for FIDO U2F is a major step toward scaling high security public key authentication to the mass market,” said Stina Ehrensvard, CEO & Founder of Yubico, Inc. “With a U2F enabled device, users can now login to Google Accounts and any number of services with FIDO U2F support – with no drivers, client software or middleware needed!”
Several FIDO Alliance members are announcing their product lines of FIDO Ready devices that work with Google’s Security Key feature and any future deployments of FIDO U2F authentication. These FIDO Ready devices enable online service providers, enterprises, and users to take advantage of FIDO U2F authentication. Empowering users and enterprises by enabling choice from a range of interoperable strong authentication products is a hallmark of the FIDO Alliance. The emerging ecosystem of FIDO U2F products and services being announced today, combined with the previously announced FIDO UAF offerings, represents a strong and vital marketplace of interoperable FIDO authentication choices available now and growing quickly.
To begin using FIDO U2F authentication today, there are FIDO Ready devices, authenticators, open source solutions, and servers available now directly from the following vendors: Duo Security, Entersekt ,Infineon, NXP, Nok Nok Labs, Plug-up International, ST Microelectronics, Sonavation, StrongAuth, SurePassID and Yubico.
FIDO standards will support a full range of authentication technologies, including biometrics, such as fingerprint and iris scanners, voice and facial recognition, as well as further enabling existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC). The open standards specifications are being designed to be extensible and to accommodate future innovation, as wel as protect existing investments. FIDO specifications allow the interaction of technologies within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations.
About The FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The Alliance plans to change the nature of authentication by developing standards-based specifications for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.
The FIDO Alliance Board of Directors includes leading global organizations: Alibaba Holdings (NYSE: BABA)
; ARM Holdings plc (LSE: ARM and NASDAQ: ARMH); Bank of America Corporation (NYSE:BAC);
BlackBerry® ; CrucialTec(KRX: 114120); Discover Financial Services (NYSE: DFS); Google; IdentityX; Lenovo; MasterCard(NYSE: MA); Microsoft(Nasdaq “MSFT”); Nok Nok Labs, Inc.; NXP Semiconductors N.V. (NASDAQ:NXPI); Oberthur Technologies OT; PayPal (NASDAQ:EBAY);
Qualcomm, Inc. (Nasdaq: QCOM); RSA®; Samsung Electronics, Ltd (KOSCOM: SECL); Synaptics (NASDAQ: SYNA); Visa Inc. (NYSE: V); Yubico.
for FIDO Alliance
An Update from FIDO Alliance on Authenticate Conference
Authenticate Event Team Authenticate, the inaugural FIDO conference, will be...March 27, 2020
Financial Action Task Force Guidance Points to FIDO as Preferred Approach to Combat Authentication Vulnerabilities
This month, the Financial Action Task Force (FATF) released its...March 18, 2020
Agenda Announced for Authenticate 2020, the First FIDO Conference
Note: Authenticate, the inaugural FIDO conference, has been postponed from...February 26, 2020