- Jan 24, 2011
- 9,378
Microsoft has become a member of the FIDO (Fast IDentity Online) Alliance, a non-profit group working to design better and more standardised methods of checking identity across the internet.
The operating system, software and mobile giant joins fellow tech juggernaut Google as a member of FIDO's board of directors, according to an announcement [PDF] issued this week by the Alliance.
FIDO was set up in July 2012 by a group including online payment processor PayPal, hardware maker Lenovo and a handful of specialist authentication firms.
Since then membership has swelled to include the likes of once-dominant mobile firm BlackBerry, global payment colossus MasterCard and a raft of firms working in the fields of identity, biometrics and authentication.
The mission of the Alliance is to combat the inherent weakness of the current standard authentication method, the username/password combo.
The problems with the old approach are many and severe, with humansseemingly incapable of maintaining good password hygiene, and businesses similarly wobbly when it comes to keeping their password databases secure.
FIDO's answer is a set of standards and specifications for an authentication system based on public key infrastructure (PKI), which is still under development.
The idea is that once hardware, software and online service providers agree and adopt the standard, users should be able to use a unified system to prove they are who they say they are, to any and all services they use online.
It will work by generating key pairs for each site or service you use - the private (or "secret") key stays with you, and the public key is handed over. Then each time you want to access the site, it presents you with a challenge encrypted with your public key, which can only be decrypted by the holder of the private key, ie: you.
Read more: http://nakedsecurity.sophos.com/201...n-the-fight-for-simpler-safer-authentication/
The operating system, software and mobile giant joins fellow tech juggernaut Google as a member of FIDO's board of directors, according to an announcement [PDF] issued this week by the Alliance.
FIDO was set up in July 2012 by a group including online payment processor PayPal, hardware maker Lenovo and a handful of specialist authentication firms.
Since then membership has swelled to include the likes of once-dominant mobile firm BlackBerry, global payment colossus MasterCard and a raft of firms working in the fields of identity, biometrics and authentication.
The mission of the Alliance is to combat the inherent weakness of the current standard authentication method, the username/password combo.
The problems with the old approach are many and severe, with humansseemingly incapable of maintaining good password hygiene, and businesses similarly wobbly when it comes to keeping their password databases secure.
FIDO's answer is a set of standards and specifications for an authentication system based on public key infrastructure (PKI), which is still under development.
The idea is that once hardware, software and online service providers agree and adopt the standard, users should be able to use a unified system to prove they are who they say they are, to any and all services they use online.
It will work by generating key pairs for each site or service you use - the private (or "secret") key stays with you, and the public key is handed over. Then each time you want to access the site, it presents you with a challenge encrypted with your public key, which can only be decrypted by the holder of the private key, ie: you.
Read more: http://nakedsecurity.sophos.com/201...n-the-fight-for-simpler-safer-authentication/
