The FIDO Alliance has announced two important new standards and certification initiatives that will build upon its existing work in strong, post-password authentication, with one focused on account onboarding and recovery, and the other aimed at authentication in the emerging Internet of Things.
The former is dubbed the “Identity Verification & Binding Working Group” (or “IDWG”), and will be headed by Mastercard’s Director of Product Development and Innovation, Rob Carter, and co-chair Parker Crockford, Onfido’s Director of Policy and Strategic Accounts. It’s work will seek to address a security issue that is fundamental to FIDO’s on-device approach to authentication: what happens when the device used for authentication is lost or compromised. In announcing the new working groups, the FIDO Alliance pointed to exciting new approaches to authentication that the Working Group will explore, such as selfie-based biometric identity verification revolving around a combination of facial recognition and document reading – an authentication method that has proven highly popular for customer onboarding in the financial services market in particular over the past couple of years.
Other organizations that have signed on to collaborate in the IDWG include Aetna, Google, Idemia, Lenovo, Microsoft, Nok Nok Labs, NTT DOCOMO, OneSpan, Phoenix Technologies Ltd., Visa Inc., Yahoo Japan, Yubico, and even the UK Cabinet Office.
FIDO’s other big new initiative is the “IoT Technical Working Group”, which will seek to address the dearth of standards in the burgeoning Internet of Things – a potentially critical security issue, given that the myriad devices connecting in the IoT could open the door to large-scale cyberattacks. This group is being headed by ARM Security Systems VP Marc Canel together with Giridhar Mandyam, Qualcomm’s Technology VP, and will also see the participation of Google, Idemia, Infineon Technologies, Intel Corporation, Lenovo, Microsoft, Nok Nok Labs, OneSpan, Phoenix Technologies, Yahoo Japan, and Yubico.
While FIDO’s primary focus will remain on its authentication standards programs, they will be used “as a foundation for this expanded work,” the alliance explained in its announcement. Participation in the new IDWG and IoT TWG initiatives is now open to all board- and sponsor-level FIDO members.