Microsoft joins group seeking to replace passwords

FIDO Alliance gains software giant in fight to improve user security

Vault door

The FIDO Alliance, an industry group attempting to reduce the reliance on passwords, has been joined by Microsoft this week. The software group takes a seat at the Alliance's Board of Directors, where it will take a hand in shaping authentication standards.

Started in 2012, FIDO, which stands for Fast Identity Online, is hoping its specifications for devices and plug-ins will be widely adopted across the technology world over the next few years.

This depends highly on the voluntary adoption of these specifications by companies and organisations. The Alliance is, however, starting strong, with those participating in FIDO already including heavyweights Google, MasterCard, Lenovo, Infineon and LG.

Authentication hardware and software varies wildly, with many proprietary clients and protocols. FIDO hopes that by standardising these technologies there would be better interoperability between biometrics, personal identification numbers (PINs) and other authorisation technology.

Weaknesses

Usernames and passwords are the mainstay of most online services but are easy to intercept. Computer security experts have long warned of weaknesses, such as the setting of easy-to-guess phrases and reusing the same password across multiple Websites and services. A compromise of one account can often lead to a compromise of multiple others.

However, for password replacement technology to be widely adopted it needs to be both effective and simple for users.

FIDO aims at a software client that would be installed on computers to employ public key cryptography. All major Web browsers, they hope, would be supported. Their initial focus is on securing access through these browsers to applications. The group also plans security options for Android phones and eventually for Windows tablets and Apple products.

The FIDO group will eventually submit its protocol design to groups on Web standards, such as the Internet Engineering Task Force and the World Wide Web Consortium.