MOUNTAIN VIEW, Calif., June 16, 2023 – The FIDO Alliance announced today that two of its specifications, FIDO UAF 1.2 and CTAP 2.1, are recognized as international standards by the International Telecommunication Union’s Telecommunication Standardization Sector (ITU-T). This milestone establishes these standards as official ITU standards (ITU-T Recommendations) for the global infrastructure of information and communication technologies (ICT).
ITU-T is the standardization arm of ITU, the United Nations specialized agency for ICT. The FIDO Alliance specifications were approved as official ITU-T Recommendations by ITU members including national administrations and the world’s front-running ICT companies. The new ITU-T Recommendations are under the responsibility of ITU’s standardization expert group for security, ITU-T Study Group 17.
“The FIDO Alliance is improving online authentication through open standards based on public key cryptography that make authentication stronger and easier to use than passwords or one-time passcodes. One of the ways that we fulfill this mission is by submitting our mature technical specifications to internationally recognized standards groups like ITU-T for formal standardization,” said David Turner, senior director of standards development at the FIDO Alliance. “This recognition from ITU-T illustrates the maturity of FIDO authentication technology and complements our web standardization work with the World Wide Web Consortium (W3C).”
“Predecessors of these FIDO UAF and CTAP specifications were first adopted as ITU standards in 2018. ITU-T Study Group 17 will continue to strengthen its collaboration with the FIDO Alliance. These two FIDO Alliance specifications, adopted as ITU standards recently, are being widely used in various industries such as the financial sector to provide strong online authentication based on public key cryptography and various user verification methods,” said Heung Youl Youm, Chairman of ITU-T Study Group 17. “These new ITU standards will provide a concrete basis for the two FIDO specifications to be adopted across the 193 ITU Member States.”
“Our working group within ITU-T Study Group 17 was pleased to be able to collaborate with the FIDO Alliance to promote the standardization of state-of-the-art security technologies,” said Abbie Barbir, Rapporteur for ITU-T’s working group on ‘Identity management and telebiometrics architecture and mechanisms’ (Q10/17). “This work will help address and solve the security limitations of passwords and move the world closer to passwordless solutions.”
The specifications that are now ITU-T Recommendations are:
- FIDO UAF 1.2 (Recommendation ITU-T X.1277.2). A mobile standard providing authentication without passwords by using biometrics and other modalities to authenticate users to their local device.
- CTAP 2.1 (Recommendation ITU-T X.1278.2). Part of FIDO2 specifications along with the W3C Web Authentication standard, allows the use of external authenticators (FIDO Security Keys, mobile devices) for authentication on FIDO2-enabled browsers and operating systems over USB, NFC, or BLE for a passwordless, second-factor or multi-factor authentication experience.
For more information on the FIDO Alliance and FIDO authentication, visit https://www.fidoalliance.org.
For more information on ITU-T SG 17 visit https://www.itu.int/en/ITU-T/studygroups/2022-2024/17/Pages/default.aspx.
About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.
About ITU-T SG 17
The ITU Telecommunication Standardization Sector (ITU-T) is one of the three Sectors (branches) of the International Telecommunication Union (ITU). It is responsible for coordinating standards for telecommunications and Information Communication Technology such as X.509 for cybersecurity, Y.3172 and Y.3173 for machine learning, and H.264/MPEG-4 AVC for video compression, between its Member States, Private Sector Members, and Academia Members.
FIDO Alliance Contact
press@fidoalliance.org
ITU Contact
tsbsg17@itu.int