What ever happened to the 'FIDO Alliance' that was going to revolutionize authentication?

What ever happened to the "FIDO Alliance," that industry group that first showed up a year ago saying it was going to revolutionize e-commerce online authentication by promoting a new multi-factor authentication protocol? Turns out the revolution in security is slow in coming but they're making some progress.

The Fast IDentity Online Alliance, as it's officially known started with six founding members, including PayPal chief information security officer Michael Barrett and the start-up Nok Nok Labs, founded by Ramesh Kesanupalli, as a core technology provider. Nok Nok Labs is building prototype code to support the new authentication specification called the Online Security Transaction Protocol (OSTP).

The idea behind OSTP is it would add a way to let the user with a FIDO-enabled device to voluntarily go beyond simple passwords and logins to evoke a wide range of additional device information, ranging from the trusted platform module to a webcam or biometrics, in a cryptographic process to share that secret as part of a back-end authentication process. The value is creating a multi-factor process on the fly is it could make e-commerce transactions, in particular, much safer.

+ ALSO ON NETWORK WORLD: New FIDO Alliance pushing fast-identity' strong authentication protocol +

Today, the FIDO Alliance, based in Palo Alto, Calif., has grown to be about 100 members, including heavyweights such as Google and MasterCard. But progress has been slow on the technology front.

Rolling out the technology spec for such an ambitious project is taking longer than expected. A draft was just released for public review this week, and Phillip Dunkelberger, president and CEO of Nok Nok Labs, says it will probably be another 60 to 90 days before a final first version of the spec can be called ready.

He acknowledges things are over six months behind schedule in that regard, and as of yet, there is no big news related to how it would be commercialized by PayPal or anyone else. "There's nothing on the end user side yet," he admits.

But vendors are joining the FIDO Alliance left and right, with semi-conductor manufacturer ARM getting on board just this week.

And today Nok Nok Labs made available what it calls its NLL S3 Suite for authentication of Internet-scale applications and services. It includes components such as the Multifactor Authentication Server, with an Apple iOS and Android client piece, and a Windows 7 and 8 desktop edition. These components represent products based on the FIDO Alliance spec, and they can be licensed based on numbers of users.

Although it's slow going, there's momentum behind the scenes, and Nok Nok Labs, ever optimistic, goes so far as to predict that over the next 18 months, there could be between 200 million and 400 million FIDO-enabled devices in the market.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags FIDO AlliancesecuritypaypalWide Area Network

More about AppleGoogleIDGPayPal

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place