PayPal CISO hopes FIDO Alliance can help replace weak passwordsDate: Mar 19, 2013
SAN FRANCISCO -- Few enterprises understand the problems and pain points associated with weak passwords like PayPal Inc. For years the financial services company and its chief information security officer, Michael Barrett, have been searching for ways to mitigate or sidestep password security issues, especially password reuse.
"Probably more than 50% of our customers are using the password they use for [PayPal] everywhere else on the Internet," Barrett said, "so that means the safety of their PayPal accounts is in some sense as weak as the weakest place they've ever been on the Internet."
With the launch of the Fast IDentity Online (FIDO) Alliance, however, Barrett believes FIDO's set of open standards for the interoperability of next-generation authentication technologies will enable viable ways to replace the password, particularly for online authentication.
In this interview, conducted at the 2013 RSA Conference, Barrett, who is also president of the FIDO Alliance, discusses the group's two-year evolution, how it seeks to address the online authentication security issues faced by companies like PayPal, and when FIDO Alliance-driven technology will appear across the Internet.