A coming web standard being pursued by the FIDO Alliance seeks to enable much wider use of biometric sensors to access accounts. FIDO should reduce, if not eliminate all together, the use of passwords to access accounts on mobile devices. The initial FIDO-equipped Android devices are on track to roll out in early 2014.
Michael Barrett cringes every time he has to enter a password on his smartphone. But six months from now, Barrett says, he will be able to choose from the latest Android models that will come equipped with a biometric sensor capable of letting him swipe his fingerprint to access a wide range of his online accounts.
That’s the scenario being proactively pursued by the FIDO Alliance, a group of 48 tech companies, led by PayPal and Lenovo, hustling to implement a milestone technical standard.
“The intention of FIDO is absolutely that it will allow consumers to have access to mobile services that they can use with very low friction, while keeping good security ,” says Barrett, president of the FIDO Alliance. “That’s explicitly what we want to build.”
As FIDO gains traction, it should radically change mobile computing, much as the Wi-Fi standard did.
FIDO should reduce, if not eliminate all together, the use of passwords to access accounts on mobile devices.
Apple’s latest iPhone model features a much-ballyhooed fingerprint sensor, called Touch ID, that can be used to lock and unlock the phone, as well as authenticate the user to purchase digital media on iTunes.
Touch ID is not FIDO compliant.
Apple spokeswoman Natalie Kerris declined to comment.
However, Barrett says Touch ID could easily be adapted to FIDO. “Our view is that it’s possible Apple might choose to start using FIDO, but that’s probably a couple of years out.”
Meanwhile, Barrett is on a mission to get other hardware makers and online companies to arrive at a consensus on common rules of the road for enabling consumers to use their computing devices — be it a smartphone, touch tablet , laptop or desktop PC — more centrally in the authentication process.
Biometric sensing technology is well understood. Yet, passwords — and poor password habits — remain central to accessing online accounts. This has made it all too easy for cybercriminals.
“We make tradeoffs to balance security with convenience,” says Manoj Nair, general manager of identity trust management at RSA.
“The next generation of identity protection will allow us to be more convenient and secure at the same time,” Nair says.
That’s where FIDO comes in. The alliance is hashing out an open standard that any company can adopt. So a music service or online banking site will be able to recognize the unique characteristics stored on a PC’s security chip or a smartphone’s biometric sensor, as long as all parties adhere to FIDO.
The alliance officially launched in February with a handful of founders and has grown rapidly.
The initial FIDO-equipped Android devices, along with an array of commercial services using the FIDO protocols, are on track to roll out in early 2014, Barrett says.