FIDO Alliance Publishes Authentication Standards; First Products Unveiled

  /     /     /  
Publicated : 22/11/2024   Category : security


FIDO Alliance Publishes Authentication Standards; First Products Unveiled


FIDO Alliance issues specs for authentication plumbing; Nok Nok ships first implementation



The Fast Identity Online (FIDO) Alliance, a consortium of nearly 100 security vendors and enterprises that proposes to create a standard method for user authentication,
published its first specifications
for industry review on Tuesday.
The first products to be built on the specifications, Nok Nok Labs S3 Authentication Suite,
were released on Thursday
.
Proponents of the FIDO guidelines, which are designed to help systems find the most effective method of authenticating a user, say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
One of the clear advantages of the FIDO approach is that it offers users a consistent experience across multiple services and user devices, a range of multi-factor schemes, and maintains privacy by using distinct authentication keys for different services, says Andrew Young, vice president of product management for authentication at SafeNet. The FIDO Alliance, by helping to standardize multi-factor practices, will contribute to the formation of a broader identity framework based on greater trust and better security in both consumer and enterprise environments.
The FIDO Alliance proposes to create common plumbing for authentication, creating a single method for logging onto a secure system, regardless of the authentication technologies used. When an access request is received under FIDO, the systems involved seek out the most effective method of authentication that can be used by both the server and the client and trigger it, eliminating the need for all users to conform to a single authentication mechanism or rely on passwords.
Nok Nok Labs is providing an early look at technology that uses the FIDO standards with the unveiling of the S3 Suite, which includes a Multifactor Authentication Server (MFAS) and Multifactor Authentication Clients (MFACs) for mobile and desktop devices. The MFAS implements a FIDO-method of passwordless authentication, while the MFAC enables endpoint devices to take advantage of security capabilities inherent in their hardware.
One of the things thats been surprising to us is the interest in using this technology for mobile devices, says Phillip Dunkelberger, president and CEO of Nok Nok. So far, the mobile implementation is an even higher priority for enterprises than the desktop and laptop implementation. Thats one of the biggest pain points.
While the FIDO Alliance has been in existence for more than a year and has gained the membership of mega-players such as Microsoft, Google, MasterCard, and PayPal, the group still has a long road ahead of it, Dunkelberger concedes.
Were proposing to take a key pillar of Internet technology and make a big change in the way it works, Dunkelberger says. We didnt expect such a significant change in the ecosystem to take place overnight. This is more like building a ship than building a security widget.
Still, Dunkelberger expects to see FIDO-based products emerging in the second and third quarters of this year. Mobile e-commerce and payment systems may be among the first to use the technology, with medical payment systems and insurance processors following close behind, he says.
Truly effective authentication technologies must be designed for strong security and ease-of-use, says Jon Oltsik, senior principal analyst at Enterprise Strategy Group. Balancing these two design objectives has been difficult in the past, so solutions were skewed toward highly secure complex authentication or simple insecure authentication – a lose-lose proposition. The solution that Nok Nok Labs has developed on top of FIDO finally bridges this gap, offering a secure yet easy-to-use authentication method. Given todays threat landscape, this is exactly whats needed.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
FIDO Alliance Publishes Authentication Standards; First Products Unveiled