Sixty three (63) percent of all data breaches involve the use of stolen, weak, or default passwords, while the recent LinkedIn, Myspace, Tumblr and Fling password leaks left 642 million accounts compromised and millions scrambling to change the old, simple passwords that they reuse across applications. Perhaps now, says the FIDO Alliance, is the time for the world to stop relying on passwords.
The FIDO Alliance is the cross-industry consortia that provides a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables web service providers to deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
The Alliance have announced a number of proof points highlighting the global adoption of FIDO authentication over the past 18 months since the FIDO specifications were released, and 12 months since the launch of the FIDO® Certified program. More than 200 products from global technology leaders are now FIDO Certified, says the Alliance, giving service providers a ‘diverse and flexible range of turnkey options to deploy FIDO standards’. This represents a 100-percent increase since the start of 2016.
Organizations with new FIDO Certified products include: Austria Card; Aware, Inc.; Beijing SHENQI Technology Co. Ltd.; Century Longmai Technology Co., Ltd; Coolpad Group Limited; Goodix; GOTrust Technology Inc.; IDEX; Infineon Technologies; INITECH Co., Ltd.; Institute for Information Industry; KDDI CORPORATION; KONA I Co., Ltd; Koscom Corporation; KT; KYOCERA Corporation; Ledger; LeEco; Lenovo; LG Uplus; Lightfactor; Neoframe, Inc.; Open Security Research (OSR); Penta Security Systems Inc.; Safran Identity & Security; SGA Solutions Co., Ltd.; Shenzhen Excelsecu Data Technology Co., Ltd; VASCO Data Security International; Yubico.
These latest certifications include the first FIDO Certified products that support Bluetooth® for wireless strong authentication. With these products, the Bluetooth authenticator needs only to be near a Bluetooth-enabled device for the user to be strongly authenticated to web apps on that device.
FIDO authentication is now enabled on devices from the top five global handset manufacturers. Additionally, service providers including Google, PayPal, Samsung, Bank of America, NTT DOCOMO, Dropbox, GitHub and GOV.UK Verify have made FIDO authentication available to protect hundreds of millions of end-users’ desktop and mobile apps, while RSA and eBay are among the many companies that have launched FIDO Certified solutions to facilitate enterprise and commercial deployments.
Microsoft also will be integrating FIDO into Windows 10 for password-less authentication, while the FIDO Alliance is working with the World Wide Web Consortium (W3C) to standardize FIDO strong authentication across all web browsers and related web platform infrastructure.
In a recently-published two-year study of its FIDO deployment with security keys, Google revealed that using FIDO strong authentication is markedly faster than other strong authentication methods, has zero authentication failures, reduces hardware and support costs over one-time password (OTP) tokens, and provides all of the necessary privacy and security protections from phishing and man-in-the-middle attacks.
According to Google, “our users have been very happy with the switch: we received many instances of unsolicited positive feedback.”
“When we started tackling the password problem, we knew that our solution first and foremost would have to be based on proven security to stop the ongoing onslaught of data breaches,” said Brett McDowell, executive director of the FIDO Alliance. “Second, users will have to actually want to use it. And third, it would have to be an open industry standard so it could become ubiquitously adopted by the whole internet ecosystem. This is what we have designed with FIDO, and as the adoption momentum demonstrates, we are well on the path towards that ubiquity.”
Learn more about the FIDO Alliance, FIDO standards and certification at www.fidoalliance.org.