CloudGate BLOG

Stay up-to-date on Cloud Security, the most recent product updates, and the latest happenings on CloudGate.

[Special Topic] FIDO Alliance, A Joint Force to Proliferate Strong Authentication in Both Businesses and Government

FIDO Alliance

In view of increased attention on information security and demands on strong authentication, ISR is creating a news digest column on strong authentication. We will select a number of relevant topics and aggregate news about what is happening in the industry. The digests are meant to be informative yet we hope to give you some insights about the story.

 

The FIDO (“Fast IDentity Online”) Alliance is an industry consortium launched in February 2013. The alliance has now more than 200 members, including a broad group made up of predominant hardware, software, security, Internet service companies and financial groups.

 

Nowadays end users are whacked by maintaining numerous usernames and passwords, which are proven to be insecure, across various systems and services. Although strong authentication has been around for a while, the implementations have been highly platform-specific and the user experiences are far from consistent. FIDO alliance’s mission is to redress the lack of interoperability among strong authentication devices and services. On December 9, 2014, FIDO alliance announced its v1.0 specifications.

 

FIDO specifications are designed to incorporate a full range of authentication technologies commonly seen in the industry. Right now FIDO members are working and releasing authentication products and solutions based on biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, Bluetooth, and near field communication (NFC). The year of 2015 witnesses a number of significant releases of support of FIDO specifications including Microsoft, NTT Docomo, Google, Bank of America, and GitHub.

 

These trend setting releases certainly drew attention from administrations and federal IT departments who are looking to improve their security to settle increasing attacks and breaches. The National Institute of Standards and Technology (NIST) joined FIDO Alliance in June, 2015 and looked to become early adopters of new authentication solutions. National Cybersecurity Alliance and FIDO Alliance also held a seminar at Google’s Washington, D.C. office last week to advance the communication between government and private sector leaders. White House authorities recognized that the United States is facing threats that are beyond cyber vandalism. “We very much see cyberspace and the Internet as being at a strategic inflection point…We actually risk the Internet and cyberspace becoming a strategic liability. Our adversaries will be able to hold us at risk in cyberspace in a way that they cannot in any other area that we can think of. And that’s not an outcome that we want,” said Michael Daniel, White House Cybersecurity Coordinator. The federal government also stated during the seminar that it is revising NIST’s earlier iteration of SP 800-63 which is now considered not focused on actual solutions that are easy to deploy.

 

The Seminar also promoted the first Two-Factor Tuesday (#2FactorTuesday) which leads the National Cybersecurity Awareness Month set by President Obama.


 

References:
For businesses and government, the race is on to ditch the password
Cyber vandalism ‘the least of our worries,’ says White House cybersecurity coordinator
Revision could move NIST authentication guidance out of the weeds
NIST SP 800-63
NIST joins the FIDO Alliance
National Cybersecurity Awareness Month
FIDO Alliance October 6th Seminar Schedule

International #2FactorTuesday