12 February, 2014
The FIDO Alliance released its first public review draft technology specifications. These open technologies have been developed by a number companies worldwide to enable simpler, stronger authentication to scale in the market.
The Q1 2013 Forrester Wave: Enterprise Fraud Management asserts the online services industry is seeing upwards of $200 billion in annual losses from password breaches and related hacks that exploit the vulnerabilities inherent in single-factor password systems. According to the Verizon 2013 Network Investigations Data Breach Report, 76% of network intrusions exploit weak or stolen credentials. According to Gartner, 20% to 50% of all help desk calls are for password resets. Forrester Research estimates help desk labor cost at $70 per password reset. InMobile Consumer Insights, Jumio reports that 68% of smart phone and tablet owners have attempted to make purchases on their device. Due to problems during the payment process, 66% abandoned the transaction and 47% of these said they abandoned transactions that took too long.
FIDO standards address industry and consumer pain points by ensuring that users and online service providers have a variety of choices to select from when adopting simpler, stronger authentication alternatives to the reliance on single-factor passwords.
“With the public release of the review draft specifications, we especially welcome and anticipate new types of members coming from various enterprises,” Michael Barrett, says president of the FIDO Alliance. “Furthermore, we encourage Relying Parties to begin testing their unique FIDO authentication needs with the commercial solutions already available from many FIDO member companies.”
The FIDO specifications emphasize a device-centric model. FIDO specifications will support a range of authentication technologies, including biometrics, as well as further enable existing solutions and communications standards, such as Trusted Platform Modules, USB Security Tokens, embedded secure elements, smart cards, Bluetooth low energy, and Near Field Communication.
The open specifications are being designed to be extensible and accommodate future innovation, as well as protect existing investments. FIDO specifications enable device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations.
The FIDO specifications are designed to complement and add value to identity federation. The user authentication enabled by FIDO specifications can be federated using existing industry standards such as OpenID and SAML. The FIDO Alliance will continue to develop and mature the specifications with additional features and refinements based on interoperability testing and real-world deployment experience.
FIDO specifications enable device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. The FIDO Alliance will continue to develop and mature the specifications with additional features and refinements based on interoperability testing and real world deployment experience.
FIDO Alliance members are already developing FIDO Ready products and services based on early draft FIDO specifications. In October 2013, The FIDO Alliance began a certification program with FIDO Ready branding for implementations passing conformance and interoperability testing to early draft specifications. The 2014 Consumer Electronics Show revealed the first demonstrations of FIDO Ready products.
Upon its first-year anniversary, the FIDO Alliance demonstrates momentum that attests to pent-up demand for simpler, stronger authentication that must scale, as only open industry standards can deliver.
The FIDO Alliance also announces that its membership is approaching 100 strong, with Aetna, ARM, Dell, Discretix, IdentityX, Netflix, Next Biometrics, Oesterreichische Staatsdruckerei GmbH, Salesforce, SafeNet, Sonavation, STMicroelectronics, and Wave Systems being among the most recent companies to join as Sponsor members of the Alliance. Launched in February 2013 with six founding members, the alliance has grown rapidly with representation from every continent and every industry.