Google joins FIDO Alliance to find a reliable alternative to user password authentication.

FIDO Alliance is not Fido, the current abbreviation is derived from the Fast Identity Online Alliance. The FIDO Alliance is a community of technology companies that are searching for a reliable user authentication standard, and this standard is supposed to replace the passwords we are used to. Until today, the community included such companies as Agnito, Infineon Technologies, Lenovo, Nok Nok Labs, PayPal, Validity, and some others (the alliance was formed last July). Now, Google has joined the alliance (plus several other partners).

The initial idea behind the work carried out by the FIDO Alliance team is the development of a truly universal user authentication system, where a hardware and software complex is used instead of a password. It can be a hybrid system with a USB token and voice recognition, or an NFC + one-time password, or all of this together. In general, there is no single standard, and the search for such a standard, truly universal, is underway. The problem is that a new user authentication method must be as reliable, as practical. It is unlikely that the average citizen will use a system with tokens / biometrics / one-time passwords, multi-step and complex.
')
Now the main working idea of ​​the FIDO Alliance is to create a browser plug-in / browser, which is always in touch with the data control service (Validation Service). When a user visits a site that supports a new authentication method, the system for the first time offers to create an account on a data control service, and attach an authenticator. This can be, as already mentioned, a voice signal, or a one-time password, or a signal from a USB token. In the future, this authenticator will be used by this user to work with the corresponding services.

By the way, in January of this year, the “security department” of Google, that is, the security team, published a document with the proposed user authentication options. For example, it can be the same USB token that connects to the appropriate port, and after that the user can work with any services that support this authentication method without making any unnecessary movements.

As a working moment, for discussion, the corporation offered something like a hi-tech ring, which will always be with the user, allowing you to work with online services without having to enter passwords or send sms-messages.

The next meeting of representatives of the alliance will be held May 14-16 in San Francisco.

Via theverge