FIDO, the protocol behind Google's Security Key, expected to lead the anti-password push

Shawn Knight


Fast Identification Online, or FIDO for short, is the key protocol behind the Google Security Key USB drive announced in October. That device was part of a two-factor authentication system that assisted in verifying an identity when logging into Gmail, Chrome or any other Google account.

The group responsible for FIDO has now released version 1.0 of the open standard, which means we'll be seeing a lot more devices utilize it in the coming months.

Google's Security Key was just one example of FIDO in action. Samsung's fingerprint reader also used the technology to let users log directly into the native PayPal app (after all, both Samsung and PayPal were early FIDO partners).

As The Verge points out, this isn't the first version of FIDO but it is the most efficient and stable. There's no shortage of big-name companies that are signed on including Google, Microsoft, Netflix, Visa and Bank of America, just to name a few.

Because it'll be a lot easier to implement, we can probably expect to see a flood of new phones and authenticator devices hit the market in the near future. And given the timing of recent hacks involving Target and Sony, it probably won't be too hard to convince the industry to move away from the ill-fated passwords we rely on today.

FIDO Alliance president Michael Barrett said they are now really within range of seeing the world change, and that's the exciting part.


 
I feel like for security's sake, we should switch to a type of "plug" that doesn't have a security flaw in its fundamental firmware?
 
Nah, there is a security flaw with USB where malware/spyware can be loaded onto via this flaw.
Our company has just had a no USB device policy and restrictions implemented to prevent their use rolled out because of this. Don't think they'll be too keen to then roll out a system opening up USB again.
 
Note that there are two protocols - U2F (what Google is using with Yubico tokens) and UAF (what PayPal/Alipay use to authenticate users to their mobile phones + applications). This isn't just a Google-focused standard (U2F) but also goes to a wider authentication ecosystem with UAF.
 