Most people around the world recognize “FIDO” as the famous Italian dog of the 1940s, remembered for his unwavering loyalty to his dead master. However, every Chief Information Security Officer (CISO) and IT security professional should know of a different FIDO: the FIDO Alliance.
The FIDO Alliance
If you haven’t heard of the Fast IDentity Online (FIDO) Alliance before, then you will be happy to learn about them now. The FIDO Alliance is an open industry association with more than 250 company members, including Aetna, Amazon, American Express, Bank of America, Facebook, Google, Intel, Mastercard, Microsoft, PayPal, Samsung, and Visa. FIDO’s mission is focused on open authentication standards that help reduce the world’s dependence on passwords as a means of online identity authentication.
We have talked before about life beyond passwords, and the FIDO Alliance was born to help make that a reality. According to the fidoalliance.org website:
“The FIDO Alliance is working to change the nature of authentication with open standards that are more secure than passwords and SMS OTPs, simpler for consumers to use, and easier for service providers to deploy and manage.
The FIDO Alliance works to fulfill its mission by:
- Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users
- Operating industry certification programs to help ensure successful worldwide adoption of the specifications
- Submitting mature technical specification(s) to recognized standards development organization(s) for formal standardization”
For implementing authentication beyond a password (and perhaps an OTP), companies have traditionally been faced with an entire stack of proprietary clients and protocols. FIDO changes this by standardizing the client and protocol layers. This ignites a thriving ecosystem of client authentication methods such as biometrics, PINs and second factors that can be used with a variety of online services in an interoperable manner. There are three core ideas driving FIDO:
- Ease of use
- Privacy and security
No Passwords. Ever.
The FIDO protocols use standard public key cryptography techniques to provide stronger authentication. During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a user-friendly and secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second-factor device or pressing a button.
The passwordless FIDO experience is supported by the Universal Authentication Framework (UAF) protocol. In this experience, the user registers their device to the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc. The UAF protocol allows the service to select which mechanisms are presented to the user.
Once registered, the user simply repeats the local authentication action whenever they need to authenticate to the service. The user no longer needs to enter their password when authenticating from that device. UAF also allows experiences that combine multiple authentication mechanisms such as fingerprint + PIN.
Development and deployment of FIDO Authentication solutions bring four key benefits to IT vendors, enterprises, service providers and the industry at large:
- Stronger account/transaction security
- Improved user experience
- Improved ROI in authentication
- Reduced risk of fraud
Acceptto’s eGuardian engine continuously creates and monitors user behavior profiles based on the user’s interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to refine the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI and ML, expert systems and SMEs to classify, detect, and model behavior, and assigns real-time risk scores to continuously validate your identity prior to, during and after authentication.
Acceptto recognized early on the value of the FIDO Alliance. That is why we attained FIDO certification. The FIDO Certified program provides assurance of product compliance to roll out FIDO Authentication using Acceptto’s enterprise identity authentication security solution.
For more information specifically about Acceptto’s FIDO solution, you can download our whitepaper here. Or you can see what Acceptto can do to let your employees, partners and customers authenticate without passwords while still ensuring security and privacy by registering for a free demo today.