The FIDO Alliance promotes the use of strong multi-factor authentication in lieu of user names and passwords. With more than 250 members, the alliance crafts specifications for a standardized authentication solution that’s now in use by stakeholders.
A new white paper demonstrates how smart card technology can enhance security for organizations implementing FIDO authentication standards. “Smart Card Technology and the FIDO Protocols,” by the Smart Card Alliance’s Identity Council, focuses on the identity authentication process.
User names and passwords are under increasing scrutiny for being vulnerable to hackers and cumbersome for users. While individual vendors have created their own solutions for ease of use and higher security, those solutions are limited without the implementation of standards. That’s where FIDO comes in with a simple enrollment and a highly secure authentication protocol. The FIDO Alliance has created specifications for two protocols: U2F and UAF.
“Incorporating smart card technology with an implementation of either of the FIDO protocols can strengthen the security of the identity authentication process and bring the benefits of smart card technology to a wider audience,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “This white paper demonstrates how the addition of smart card technology to a FIDO protocol implementation is a critical piece of the puzzle to make the online world more trusted.”
The benefits of FIDO implementation using smart card technology and hardware-based security:
- Generates keys using true random number generators
- Prevents cloning and counterfeiting
- Enables multiple form factors (like USB devices, microSD, wearables)
- Leverages device manufacturers’ security certifications
- Provides the highest level of security available to protect FIDO-related credentials and biometrics
The report finds that smart cards – combined with the FIDO protocols – offer the highest level of token assurance and trust, provide anonymity, and enable the relying party to define the level of trust and token assurance required.