Internet of Things (IoT)
The FIDO Alliance is involved in three areas to work towards achieving its mission to reduce the world’s reliance on passwords to better secure the web: user authentication; identity verification and binding; and the Internet of Things (IoT). The work areas address essential aspects of the digital identity lifecycle management, including identity verification for initial account onboarding and account recovery, and user and device authentication.
The IoT Challenge
Gartner forecasts that 15 billion connected things will be in use by 2021, opening up opportunities for increased efficiencies and innovation across industries. Yet, lack of IoT security standards and outdated processes such as shipping with default password credentials and manual onboarding leave devices, and the networks they operate on, open to large-scale attacks.
FIDO Alliance Goal: Removing password use from IoT
The FIDO Alliance aims to provide a comprehensive authentication framework for IoT devices in keeping with the fundamental mission of the organization – passwordless authentication.
To lead these efforts the Alliance has formed the IoT Technical Working Group (IoT TWG), which will develop use cases, target architectures and specifications covering:
- IoT device attestation/authentication profiles to enable interoperability between service providers and IoT devices
- Automated onboarding, and binding of applications and/or users to IoT devices
- IoT device authentication and provisioning via smart routers and IoT hubs
Learn more about the FIDO Alliance Working Groups carrying out the work of the FIDO Alliance.
FIDO IoT Specifications
The FIDO Alliance IoT Technical Working Group has published a Proposed Standard of its IoT specification, FIDO Device Onboard (FDO), for automatic onboarding of IoT devices. Learn more about the specification in the Specifications Overview and download the specification by visiting “Download IoT Specifications.”