FIDO Alliance Says, 'Forget Passwords!'
The username-password approach to online security is more problem than cure, according to Fast Identity Online, a new industry alliance that plans to streamline and enhance online authentication with an open, standards-based protocol.
Tue, February 12, 2013
CIO — If there's one thing that's become clear in the past several years, according to PayPal CISO Michael Barrett, it's that usernames and passwords—originally conceived in the era of centralized mainframes—have become more of a liability than a protection online.
"There have been a number of significant site breaches over the last couple of years," Barrett says. "Large quantities of user IDs and passwords have been stolen by criminals. We finally have a large corpus of reliable data about the scale of the problem with regard to how often users share their passwords across multiple sites on the Internet."
CEO of startup Nok Nok Labs
(a founding member of the FIDO Alliance)
"It would seem as if two-thirds of the Internet users use the same password everywhere they go on the Internet," he adds.
And that, of course, means users are far less secure than they may think. After all, their security is only as good as that of the least secure place on the Internet that they use. Reuse, malware and phishing leaves users and enterprises vulnerable to financial fraud and identity theft.
FIDO Alliance Aims to Replace Passwords
A number of Internet companies, system integrators and security providers have decided it's time to replace the 50-year-old password technology we rely on with more robust authentication methods. The Fast Identity Online (FIDO) Alliance is an organization with the goal of revolutionizing online authentication with an industry-supported, standards-based open protocol that not only makes users more secure but is also easy and convenient to use.
"The Internet—especially with recent rapid mobile and cloud expansion—exposes users and enterprises, more than ever before, to fraud," says Barrett, who is also the FIDO Alliance president. "It's critical to know who you're dealing with on the Internet. The FIDO Alliance is a private sector and industry-driven collaboration to combat the very real challenge of confirming every user's identity online."
"By giving users choice in the way they authenticate and taking an open-based approach to standards, we can make universal online authentication a reality," he adds. "We want every company, vendor and organization that needs to verify user identity to join us in making online authentication easier and safer for users everywhere."