A Thing
The Green SheetGreen Sheet

Monday, October 1, 2018

New standards push to sideline passwords

Web security is about to get turbo charged with a new set of access security standards that eliminate the need for passwords, replacing them with cryptographically secure login routines. The new standards are the work of the FIDO Alliance and the World Wide Web Consortium (W3C).

FIDO (which stands for Fast IDentity Online) was created in 2012 to promote interoperability among authentication technologies and to foster an environment where web users don’t need to rely on multiple user names and passwords to access web services. W3C is an international Internet standards body.

The FIDO Alliance developed specifications (dubbed FIDO2) for multifactor authentication using on-device biometrics and security keys for accessing websites. FIDO2 consists of W3C’s web authentication standard and a client-to-authenticator protocol developed by the FIDO Alliance.

The standards enable users to leverage common devices to authenticate to online services through mobile and desktop browsers. Earlier this year the leading web browser companies (Google, Microsoft and Mozilla) stated they would support the standards.

A blow to phishing, stolen credentials

W3C CEO Jeff Jaffe has said that passwords represent “one of the weakest links” in web security and that moving away from passwords would deal a blow to phishing and online attacks that leverage stolen user credentials.

On Sept. 26, FIDO disclosed the first products had been certified under these new security standards, and that Google Chrome, Microsoft Edge and Mozilla Firefox browsers now support FIDO2. Once a website turns on support for FIDO2, consumers will be able to use on-device biometrics and other device authentication techniques instead of user names and passwords to access the site, FIDO noted.

“With FIDO2 the tech industry has, for the first time, established a technology standard for strong, phishing-resistant authentication on the web that promises better security and a better user experience,” said Brett McDowell, executive director of FIDO Alliance. “Any web application – consumer or enterprise, mobile or desktop – can now be enabled to take advantage of these innovations at Internet scale with full confidence that comes from an independent certification program designed and governed by their peers.” end of article

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007
A Thing