Just last week I ran across an article regarding the FIDO Alliance. FIDO -- which stands for "Fast Identity Online" -- was created about 18 months ago to address the problem of a lack of interoperability amoungst strang authentication standards/controls/technologies online. The typical solution to this problem has been multiple authentication credentials...which has lead to weak passwords and the use of a single password across multiple accounts (both conditions which actually weaken security). The FIDO alliance seeks to correct this problem by promulgaring strong open authentication standards which can be utilized across multiple technologies on multiple platforms. Currently the FIDO Alliance has begun conformance and interoperability testing for its Universal Authentication Framework and Universal Seconf Factor products
So...why should we care? Several reasons:
- The FIDO Alliance has attracted some heavy hitters in the heavily-regulated payments industry such as Mastercard, PayPal, and Oberthur Technologies
- Michael Barrett, former CISO of PayPal, is president of the alliance. Love him or hate him, Mr. Barrett has always taken a thought-leading approach to security issues. He's worth listening to/paying attention to.
- Multiple passwords are the bane of a security professionals' existence, yet we haven't yet solved the problem; the Alliance's structured approach signals a beginning to a potentially viable solution.
- The FIDO solutions represent a potential beginning to the long talked-about concept of "bring your own IDENTITY" which has been banted about in recent months. BYOI's problem centers around how we truly federate identity across disparate platforms and providers. FIDO's standards an tools seek to solve this problem. If they are even mildly successful, it could be a truly seed-changing leap in how we approach issues of security, authentication, and compliance.
Information about FIDO can be found here. Keep an eye on these guys!
No comments:
Post a Comment