The Importance of FIDO Alliance Standards
The FIDO (Fast Identity Online) Alliance is a non-profit organization that was formed in 2013. The alliance's goal is to change the way we authenticate online by developing open standards that replace passwords with stronger forms of authentication.
Currently, there are over 250 members of the FIDO Alliance, including technology leaders such as Google, Microsoft, and Amazon. In addition, major financial institutions such as Visa, Mastercard, and PayPal have also joined the alliance.
The adoption of FIDO standards is important for both businesses and consumers. For businesses, FIDO authentication can help to reduce fraud and increase security. For consumers, FIDO authentication can make it easier and more convenient to login to websites and apps.
FIDO Authentication Standards
There are two main types of FIDO authentication: public key cryptography (PKC) and near-field communication (NFC).
PKC is a type of authentication that uses a pair of cryptographic keys, one public and one private. The public key can be shared with anyone, while the private key must be kept confidential. PKC is used for both digital signatures and encryption.
NFC is a type of short-range wireless communication that allows two devices to exchange data over a distance of less than four inches. NFC is typically used for contactless payments but can also be used for other purposes such as identity verification.
The latest version of the FIDO standards is called FIDO2.
FIDO2 includes two new technologies:
WebAuthn is a browser-based API that allows websites to use stronger forms of authentication such as biometrics or PKC.
CTAP2 is an API that allows external devices such as security keys or tokens to be used for authentication.
The advantages of using FIDO standards
Stronger security: With FIDO2 standards, businesses can now offer their customers more secure forms of authentication such as biometrics or PKC instead of passwords. This can help to reduce fraud and improve security overall.
Greater convenience: For consumers, being able to use their biometrics or a security key for authentication purposes is much more convenient than having to remember multiple passwords. In addition, the use of NFC for contactless payments is also more convenient than traditional methods such as cash or credit cards.
Improved user experience: The adoption of FIDO standards can improve the overall user experience for both businesses and consumers alike. For businesses, this can mean fewer customer support issues related to password resetting or account recovery. For consumers, this can mean fewer forgotten passwords and a smoother overall experience when using online services.
Disadvantages of using FIDO standards
Potential Phishing Attacks: One potential downside of using WebAuthn is that it could make users more susceptible to phishing attacks. This is because WebAuthn relies on Public Key Credentials (PKC), which can be spoofed if an attacker has access to the user's private key. To mitigate this risk, it's important for businesses to educate their employees about how to spot phishing attacks and what steps to take if they believe they've been targeted.
Overall, the adoption of FIDO standards is important for both businesses and consumers alike. The benefits outweigh the potential risks, making it crucial for companies to start implementing these standards as soon as possible.
Vivian van Zyl