An independent firm recently reviewed the FIDO 1.0 Universal Authentication Framework and Universal 2nd Factor specifications. What are the main takeaways from this review for enterprises considering FIDO-based authentication technology?
The FIDO Alliance is just one piece of a new emerging ecosystem for strong identities in cyberspace. FIDO's contribution focuses on standardizing strong authentication for individuals. The FIDO 1.0 Universal Authentication Framework (UAF) allows a user to use a strong, two-factor authentication credential for many of the FIDO Alliance's 150 members, and other companies that may eventually adopt the FIDO authentication framework.
The UAF uses two-factor credential services, including biometric interfaces -- like retina, fingerprint or voice recognition -- provided by newer mobile devices, or can use a software or hardware token as the second factor. Since the two-factor check is conducted on the user's mobile device or workstation, service providers aren't required to store the biometric or token data for authentication purposes. This reduces a service provider's risk of a breach of the user's credentials and more fully protects the individual's information.
A typical use case is a user who wishes to securely log on to a FIDO member's company website. After the user logs in with a username and password, a FIDO-enabled authentication message is sent to the user's mobile phone for verification. In this case, the user places his thumb on the mobile phone's fingerprint reader, and a response is sent back to the company's application -- any number of biometric and two-factor authentication technologies are supported. Back at the application, upon positive acknowledgement from the mobile device, the user is allowed access to the site. While this capability is available on many sites today, the FIDO Alliance is working toward a standardized framework that can be used by many applications supported by a multitude of vendors.
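The challenge-response behind that flow, as an added example that is not code from the article or from the FIDO specifications: the server keeps only the device's public key, the device signs the server's challenge only after the local fingerprint or PIN check passes, and a signature counter lets the server spot replayed responses or a cloned device. Ed25519, the message layout and the app ID are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Registration is all the relying party stores per device: public key plus last counter; no secret, no biometric template.
type Registration struct{ PubKey ed25519.PublicKey; Counter uint32 }

// Authenticator stands in for the user's phone; the private key never leaves it.
type Authenticator struct{ priv ed25519.PrivateKey; counter uint32 }

// Register creates the device key pair; only the public half is sent to the server.
func Register() (*Authenticator, *Registration, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Authenticator{priv: priv}, &Registration{PubKey: pub}, err
}

// assertion binds the app identity, the server's random challenge and the counter (layout is an assumption).
func assertion(appID string, challenge []byte, counter uint32) []byte {
	var c [4]byte
	binary.BigEndian.PutUint32(c[:], counter)
	return append(append([]byte(appID), challenge...), c[:]...)
}

// Sign runs on the device after the local check (fingerprint, PIN). If that check
// fails there is simply no signature, so nothing usable ever leaves the device.
func (a *Authenticator) Sign(appID string, challenge []byte, userVerified bool) (uint32, []byte, error) {
	if !userVerified {
		return 0, nil, errors.New("local user verification failed")
	}
	a.counter++
	return a.counter, ed25519.Sign(a.priv, assertion(appID, challenge, a.counter)), nil
}

// Verify is the relying-party side: a valid signature under the stored public key and
// a strictly increasing counter, which catches replayed responses and cloned devices.
func Verify(reg *Registration, appID string, challenge []byte, counter uint32, sig []byte) error {
	if counter <= reg.Counter {
		return errors.New("counter did not advance: replay or cloned authenticator")
	}
	if !ed25519.Verify(reg.PubKey, assertion(appID, challenge, counter), sig) {
		return errors.New("signature does not verify against registered key")
	}
	reg.Counter = counter
	return nil
}
```

In a real deployment the challenge is a fresh random nonce per login and the app ID is the relying party's origin; the test below uses constructed values.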