FIDO Alliance has launched FIDO2 browser support and first certified products to reduce password use on the web.
The company was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords.
Following its announcement, any website can leverage FIDO2 strong authentication protocols from the W3C and FIDO Alliance to replace passwords with cryptographically secure logins using convenient alternatives like on-device biometrics and FIDO Security Keys.
The standards were introduced last April, and now Google Chrome, Microsoft Edge and Mozilla Firefox browsers all support FIDO2.
This support and newly certified products provides service providers with ‘all of the tools needed’ to roll out FIDO Authentication for their websites and applications, according to FIDO.
In the official press release, the company said FIDO Authentication has been proven to protect against the phishing and security risks associated with passwords, provide better user experiences over remembering and typing passwords, and lower authentication support costs.
“With FIDO2, the tech industry has, for the first time, established a technology standard for strong, phishing-resistant authentication on the web that promises better security and a better user experience. These announcements today of certified products and leading web browser support deliver on that promise by bringing these new capabilities to market,” said Brett McDowell, executive director of the FIDO Alliance.
“Any web application — consumer or enterprise, mobile or desktop — can now be enabled to take advantage of these innovations at internet scale with the full confidence that comes from an independent certification program designed and governed by their peers.”
FIDO2 is comprised of the W3C’s Web Authentication specification and the corresponding Client to Authenticator Protocol (CTAP) from FIDO Alliance. These enable users to leverage common devices to authenticate to online services through mobile and desktop browsers.
FIDO2 supports a variety of authentication use cases and experiences, including passwordless, second-factor and multifactor for the highest levels of assurance. Password-only logins can now be replaced with easy user gestures using embedded biometrics (facial recognition, iris scan, fingerprint swipe) and/or portable security keys.
Earlier this year, Zighra, an AI-powered authentication and fraud detection, updated its platform to support FIDO and FIDO 2. Following the implementation of GDPR, Zighra adopted FIDO Alliance standards to help businesses comply. The company has launched an ‘on device’ version of its platform to support FIDO authentication, including the emerging FIDO2 protocols.
Copyright © 2018 RegTech Analyst
Copyright © 2018 RegTech Analyst