FIDO Publishes Final 1.0 Specification Drafts, Kills Passwords

Mobile ID Industry News Roundup: PayPal Leadership, Touch ID and Concern Versus ActionToday the FIDO Alliance has reached a major milestone. The consortium, which was formed in February of 2013 in a collective effort to replace passwords with strong authentication, has published final drafts of its two specifications: Universal Authentication Framework (UAF) and Universal Second factor (U2F).

President of FIDO, Michael Barrett, said that the publishing of these final 1.0 drafts marks the historical moment after which antiquated security of passwords and PINs will “wither and die.”

He expands: “FIDO Alliance pioneers can forever lay claim to ushering in the ‘post password’ era, which is already revealing new dimensions in Internet services and digital commerce.”

The final FIDO drafts describe a new security standard for online authentication. Current implementations of FIDO specifications are already on the market, with Nok Nok Labs, Synaptics, Alibaba, PayPal, Samsung, Google, Yubico and PlugUp all having taken up the post-password torch. FIDO Ready products allow for biometrics and hardware tokens to replace (in the case of UAF) or heavily bolster (in the case of U2F) passwords and PINS.

According to Brett McDowell, executive director of the FIDO Alliance, this achievement was made possible through the collaboration of the group’s many members. FIDO Alliance members are dedicated to working together in pursuit of their common goal, and the final drafts are a fruit of their labor.

“Our members’ determination, cooperation and tireless perseverance have delivered this landmark accomplishment in less than two years from announcing the FIDO Alliance and its goal to develop industry open standards for interoperable, privacy ­respecting strong authentication,” says McDowell. “I applaud and congratulate the members of the FIDO Alliance on these accomplishments, and look forward to our continued collective effort to bring FIDO­enabled experiences to the global marketplace in 2015 and beyond.”

As the 1.0 implies, the FIDO milestone is just the beginning of what will likely be a continuing journey of security evolution. Indeed, in the Alliance’s announcement FIDO mentioned that extensions of the standards are nearing completion and will incorporate NFC and Bluetooth technology into the war on passwords, which seems to be finally nearing an end.