WHAT IS FIDO
The FIDO Alliance is a consortium of more than 250 company members, including Aetna, Amazon, American Express, Bank of America, Facebook, Google, Intel, Mastercard, Microsoft, PayPal, Samsung, and Visa.
FIDO PASSWORDLESS USER EXPERIENCE
The passwordless FIDO experience is supported by the Universal Authentication Framework (UAF) protocol. In this experience, the user registers their device to the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc. The UAF protocol allows the service to select which mechanisms are presented to the user.
Once registered, the user simply repeats the local authentication action whenever they need to authenticate to the service. The user no longer needs to enter their password when authenticating from that device. UAF also allows experiences that combine multiple authentication mechanisms such as fingerprint + PIN.
HOW IT WORKS
The FIDO protocols use standard public key cryptography techniques to provide stronger authentication. During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a user-friendly and secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second-factor device or pressing a button.
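The registration and challenge-signing flow described above, as an added Node.js illustration that is not code from this page or from the FIDO specifications. The class and function names, the PIN standing in for the local unlock, and the single-use challenge bookkeeping are assumptions of this example, and it does not reproduce the UAF message formats.

```javascript
// Simplified model of the flow above, NOT the UAF wire format. All names are hypothetical.
const { generateKeyPairSync, randomBytes, sign, verify } = require("node:crypto");

// Client device: keeps private keys and releases them only after a local unlock.
class Authenticator {
  constructor(pin) { this.pin = pin; this.keys = new Map(); }
  register(serviceId) {
    // A new key pair per service (NIST P-256); only the public key leaves the device.
    const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.keys.set(serviceId, privateKey);
    return publicKey.export({ type: "spki", format: "pem" });
  }
  signChallenge(serviceId, challenge, pin) {
    // Stand-in for the local unlock (finger swipe, PIN, button press).
    if (pin !== this.pin) throw new Error("local unlock failed");
    return sign("sha256", challenge, this.keys.get(serviceId));
  }
}

// Online service: stores public keys only and issues single-use random challenges.
class Service {
  constructor(id) { this.id = id; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  authenticate(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // a challenge is consumed whether or not it verifies
    const key = this.publicKeys.get(user);
    if (!challenge || !key) return false;
    return verify("sha256", challenge, key, signature);
  }
}

function demo() {
  const device = new Authenticator("1234");          // constructed sample PIN
  const service = new Service("service.example");    // constructed service name
  service.enroll("alice", device.register(service.id));
  const sig = device.signChallenge(service.id, service.newChallenge("alice"), "1234");
  const first = service.authenticate("alice", sig);   // fresh challenge, valid signature
  const replay = service.authenticate("alice", sig);  // challenge already consumed
  service.newChallenge("alice");
  const stale = service.authenticate("alice", sig);   // signature covers the old challenge
  let lockedOut = false;
  try { device.signChallenge(service.id, service.newChallenge("alice"), "0000"); } catch { lockedOut = true; }
  return { first, replay, stale, lockedOut };
}
console.log(demo());
```

The service never holds anything that can be used to sign in: a copy of its stored public keys, or a captured signature, fails the `replay` and `stale` checks.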
REASONS FOR IMPLEMENTING FIDO AUTHENTICATION
The core ideas driving FIDO are (1) ease of use, (2) privacy and security, and (3) standardization. For implementing authentication beyond a password (and perhaps an OTP), companies have traditionally been faced with an entire stack of proprietary clients and protocols. FIDO changes this by standardizing the client and protocol layers. This ignites a thriving ecosystem of client authentication methods such as biometrics, PINs and second factors that can be used with a variety of online services in an interoperable manner.
Development and deployment of FIDO Authentication solutions bring myriad benefits to IT vendors, enterprises, service providers and the industry at large, including:
Stronger account/transaction security
This results in lower loss rates and fewer problems to mitigate and will bring the possibility of improved customer loyalty and less churn. Improved authentication will also reduce risk and enable new business models and revenue streams.
Improved return on investment in authentication
The costs associated with the deployment and support of new solutions will be significantly reduced in comparison to current proprietary approaches which connect a single device type to a single application. System management functionality will be provided by the FIDO infrastructure, rather than having to be built by each application developer.
Improved user experience
The FIDO solution enables businesses to improve convenience for both customers and employees. Because users no longer need to remember complex passwords, user provisioning is simplified and the cost associated with remote password resets will be drastically reduced.
Reduced risk of fraud
Users of all FIDO-enabled websites and cloud or mobile applications will enjoy a reduced risk of identity fraud, with the convenience of having less reliance upon passwords. Trust in online systems will grow again as a result of consistent user experiences and higher security.