Truuth becomes member of FIDO Alliance
The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords. The FIDO Alliance promotes the development of, use of, and compliance with standards for authentication and device attestation.
Passwords endure despite the growing consensus their use needs to be reduced, if not replaced. But even though effective Public Key Infrastructure (PKI) and strong authentication solutions have existed for years, barriers to widespread adoption persist. Consumers don’t like the user experience, and online service providers don’t want the cost and complexity of developing and provisioning their own dedicated solutions.
The FIDO (Fast IDentity Online) Alliance is working to change the nature of authentication with open standards that are more secure than passwords and SMS One Time Pins (OTPs), simpler for consumers to use, and easier for service providers to deploy and manage.
The FIDO Alliance has more than 250 members, including global tech leaders across enterprise, payments, telecom, government and healthcare. Leading companies such as Microsoft, Google, Apple, Amazon, Facebook, Mastercard, American Express, VISA and PayPal have board level membership.
The FIDO Alliance works to fulfill its mission by:
- Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users
- Operating industry certification programs to help ensure successful worldwide adoption of the specifications
- Submitting mature technical specification(s) to recognized standards development organization(s) for formal standardization
The FIDO protocols use standard public key cryptography techniques to provide stronger authentication. During online registration, the user’s device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the user’s device proving possession of the private key to the service by signing a challenge. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a user–friendly and secure action such as swiping a finger, entering a PIN, speaking into a microphone, performing a face scan, inserting a second–factor device, or pressing a button.
The FIDO protocols are designed to protect user privacy. The protocols do not provide information that can be used by different online services to collaborate and track a user across the services. Biometric information, if used, never leaves the user’s device.
FIDO is a game changer. Companies have traditionally been faced with an entire stack of proprietary clients and protocols. FIDO changes this by standardizing the client and protocol layers. This enables a growing ecosystem of client authentication methods such as biometrics, PINs and second–factors that can be used with a variety of online services in an interoperable manner.