In July 2012, a group of major Internet companies formed the FIDO (Fast IDentity Online) Alliance. This group is dedicated to developing authentication methods that are more secure, yet easier to use, than traditional passwords. The alliance consists of PayPal, Nok Nok Labs, Lenovo, Validity, Agnitio and Infineon Technologies.
Passwords have many problems that hinder their effectiveness as an authentication technique. Many people use the same password in multiple environments because remembering a separate password for each environment is too difficult. The problem with this approach is that once a password to one site is compromised, it's easy to compromise others. Improving security by attempting to change user behavior has failed in the past and continues to fail now.
Phishing and malware are common methods used to compromise passwords, but they would not be effective in a FIDO authentication environment.
Although talk of a definitive FIDO standard is premature at the moment, the standard is expected to use biometrics like fingerprints, eye scans and voice recognition. Current technologies like trusted platform modules, USB security tokens and one-time passwords are possibilities. The standard will also be flexible enough to allow for future technological advances.
According to a Yahoo article, Sally Hudson, IDC research director, Security Products and Services, expects growth in strong authentication technology over the next few years:
"IDC forecasts the strong authentication market to realize more than $2.2 billion in revenues alone by 2016. This demand is driven by social networking, internet, cloud and mobile, all of which will require higher and higher levels of authentication by governments, corporations and consumers."
Compliance with a FIDO protocol can be implemented on mobile devices like phones, laptops and tablets. Once these devices become FIDO-compliant, password dependency becomes obsolete.
The concept of a FIDO standard seems like a step in the right direction for authentication. It is harder to hack someone's fingerprint or voice than to phish for a password that an unwitting user provides. On the other hand, privacy has to be a huge concern. In a given day, a person may use a fingerprint scan to enter a health club, another biometric to order a book from Amazon, and a retinal scan to deposit money into their bank account online. The last thing anyone needs is a centralized mechanism tracking all their FIDO-compliant authentications from day to day.