Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year, is working to make two-factor authentication the default mechanism for authentication through the establishment of an open standard for strong authentication.
Google has been working to make passwords obsolete for some time now. It has introduced two-factor authentication for its Gmail service, giving users the ability to enable an option that requires the use of a one-time code in addition to their normal password in order to sign in to their accounts. Other vendors, including Apple and Facebook, have followed suit. But none of those vendors have made two-factor authentication the default mode.
The FIDO Alliance is seeking to help make two-factor authentication a more mainstream thing through the development of an open standard for the use of various strong authentication technologies such as TPMs (trusted platform modules), hardware tokens and others.
“The formation of the FIDO Alliance addresses a longtime, critical need for technology providers and their users: stronger security that is easier to use,” said Phillip Dunkelberger, Nok Nok Labs CEO and founding FIDO Alliance member. “From day one, through our Unified Authentication Infrastructure, we are developing solutions that will deliver on the vision of the FIDO Alliance.”
Google’s involvement lends some major muscle to the effort. The company already has gone pretty far down the road toward developing strong authentication systems and has significant engineering and security resources to contribute to the project.
“Joining the FIDO Alliance is a great way to increase industry momentum around open standards for strong authentication,” sayid Sam Srinivas, Product Management Director for Information Security at Google and FIDO Alliance Board Member. “We look forward to continuing our current development work on strong, universal second-factor tokens as part of a new FIDO Alliance working group.”
The standard that FIDO is working on would support a range of technologies, including one-time passwords, near-field communications (NFC) and other alternatives. It’s not clear how soon the standard will be ready.