PayPal and Lenovo have joined with other Internet and security companies to form the Fido Alliance (Fast Identity Online) with the aim of replacing password-based log-ins with an industry-supported open protocol tied to the actual device used to access online services.
Fido's standards-based approach automatically detects when a Fido-enabled device is present, and offers users the option to replace passwords with authentication methods embedded in the hardware. The standard will support a full range of technologies, including biometrics such as fingerprint scanners, voice and facial recognition, as well as existing authentication techniques, such as Trusted Platform Modules, NFC, one-time passwords and security tokens.
Vendors signing up to Fido must install the necessary protocols on their servers and convince users to install new authentication software on their Internet-connected phones and computers where it is not already available.
Michael Barrett, Fido Alliance president and PayPal chief information security officer, says: "By giving users choice in the way they authenticate and taking an open-based approach to standards, we can make universal online authentication a reality. We want every company, vendor, and organisation that needs to verify user identity to join us in making online authentication easier and safer for users everywhere."
He says Fido-compliant smartphones, tablets, PCs and laptops can replace password dependency and exposure of sensitive user information by automatically and transparently providing user credentials when they're required.
The approach has won the support of Lenovo, the world's second-largest PC manufacturer. Mark Cohen, VP and general manager, ecosystem and monetization, Lenovo, says: "Recognising that our customers wanted more than just passwords for authentication, we began shipping ThinkPad PCs with integrated fingerprint readers nearly a decade ago. We are excited about the new Fido standard because it enhances both security and convenience, enabling biometric and other forms of authentication to take place directly between the user and the service that he or she is trying to use."
Other Alliance participants include biometric vendors Agnitio and Validity Sensors and server authentication start-up Nok Nok Labs. Fido is inviting other companies to join the effort in a bid to create a global standard.