Nearly everyone agrees that passwords are the bane of Internet security. For years, industry thinkers have somewhat vaguely referenced the need for Internet fingerprints capable of reliably verifing identities online. Yet here we are, it’s 2013 and passwords remain the primary means of authenticating users onto networks and workstations.
Two groups today announced projects bent on taking passwords to the curb. The first is an industry group calling itself the FIDO (Fast IDentity Online) Alliance. It consists of the computer-maker, Lenovo, the security firm, Nok Nok Labs, the online payment giant, PayPal, the biometrics experts, Agnito, and the authentication specialists, Validity. The second is the Defense Advanced Research Project Agency (DARPA), a research and development arm of the Defense Department.
DARPA’s Active Authentication program initially sought to develop tools designed to protect desktop workstations. The program is entering its second phase, in which the agency is calling for research that sets out to establish behavioral biometrics based on discernible cognitive processes and the observable ways that users naturally interact with their environment while using their computing devices. The Active Authentication program will also need to develop what DARPA is calling a “biometric platform,” that integrates all available biometrics into a single device that carries out the actual business of authentication.
“In this respect, the application is trying to identify you by looking at all available aspects of you, not just a single sensor connected to the device,” the report explains.
“We have received a large number of really creative approaches to the desktop security problem,” said DARPA program manager Richard Guidorizzi. “We are looking to tap into some more of this creativity to create truly robust solutions for DoD mobile platforms.”
The FIDO Alliance on the other hand is interested in establishing a standard of interoperable authentication schemes. Theirs isn’t a single technological solution but an open protocol that can absorb new authentication technologies into an single infrastructure where they can work in concert with existing technologies like USB tokens, one time passwords, and near field communications among others.
The alliance claims that as they attract new member-organizations with unique needs they will incorporate new solutions into and broaden the utility of the FIDO protocol.
“The formation of the FIDO Alliance addresses a longtime, critical need for technology providers and their users: stronger security that is easier to use,” said Phillip Dunkelberger, Nok Nok Labs CEO and founding FIDO Alliance member. “From day one, through our Unified Authentication Infrastructure, we are developing solutions that will deliver on the vision of the FIDO Alliance.”
DARPA hosted a proposal day on Friday and has posted a broad agency announcement describing their program in full on the Federal Business Opportunities website.
Other password-free authentication propositions have included everything from biometric identifiers to the creation of specialized software capable of reading microscopic and uncontrollable markings left upon graphics processors during the manufacturing process.