Google Joins FIDO Alliance to Find Strong Password Authentication Alternatives
The FIDO Alliance is not a Fido / Fidonet; the current abbreviation is derived from the Fast Identity Online Alliance. FIDO Alliance is a community of technology companies that are looking for a reliable user authentication standard, and this standard, by design, should replace the passwords we are used to. Until today, the community included companies such as Agnito, Infineon Technologies, Lenovo, Nok Nok Nok Labs, PayPal, Validity and some others (the alliance was formed in July last year). Now, Google has joined the alliance (plus a few more partners).
The initial idea underlying the work carried out by the FIDO Alliance team is the development of a truly universal user authentication system, where a hardware-software complex is used instead of a password. It can be a hybrid system with a USB token and voice recognition, or NFC + one-time password, or all of this together. In general, there is no single standard yet, and the search for such a standard, truly universal, is underway. The problem is that the new way of user authentication must be as reliable, as practical. It is unlikely that an average citizen will use a system with tokens / biometrics / one-time passwords, multi-stage and complex.
Now the main working idea of the FIDO Alliance is to create a plug-in for the browser / browsers, which is always in touch with the Validation Service. When a user visits a site that supports a new authentication method, the system for the first time offers to create an account on a data control service and attach an authenticator. This can be, as already mentioned, a voice signal, or a one-time password, or a signal from a USB token. In the future, this authenticator will be used by this user to work with the corresponding services.
By the way, in January of this year, the “security department” of Google, that is, the security team, published a document with the proposed options for user authentication. For example, it can be the same USB token that connects to the corresponding port, and after that the user can work with any services that support this authentication method without making any unnecessary movements.
As a working moment, for discussion, the corporation also proposed something like a hi-tech ring that will always be with the user, allowing you to work with online services without having to enter passwords or send SMS messages.
The next meeting of alliance representatives will be held May 14-16 in San Francisco.