"Fast Identity Online" Is the Go-To Standards Alliance in Protocols for Modern Identity Management
The FIDO Alliance – for Fast IDentity Online – is a fresh, fast growing consortium of security vendors and end users working out a new suite of protocols and standards to connect authentication endpoints to services. With an unusual degree of clarity in this field, FIDO envisages simply “doing for authentication what Ethernet did for networking”.
Launched in early 2013, the FIDO Alliance has already grown to nearly 70 members, amongst which are heavyweights like Google, Lenovo, MasterCard, Microsoft and PayPal as well as a dozen biometrics vendors and several global players in the smartcard supply chain.
FIDO is different. The typical hackneyed elevator pitch in Identity and Access Management (IDAM) promises to “fix the password crisis – usually by changing the way business is done. Most IDAM initiatives unwittingly convert clear-cut technology problems into open-ended business transformation problems. In contrast, FIDO’s mission is refreshingly clear cut: it seeks to make strong authentication interoperable between devices and servers. When users have activated FIDO-compliant endpoints, reliable fine-grained information about their client environment becomes readily discoverable by any servers, which can then make access control decisions, each according to its own security policy.
With its focus, pragmatism and critical mass, FIDO is justifiably today’s go-to authentication industry standards effort. In this report, Constellation looks at what the FIDO Alliance has to offer vendors and end user communities and its likely critical success factors. While it’s early days and FIDO is tracking strongly, we offer some suggestions to strengthen its base in the short term.
The “password crisis” refers to the great difficulty faced by many online users in remembering so many account names and passwords and complying with arcane password rules, such as composing hard-to-guess phrases, including characters and numbers and supposedly changing their passwords periodically.