On-Device Biometrics Month: The Rise of FIDO

As we suggested in our Primer for On-Device Biometrics Month, a lot of companies have embraced the idea of performing biometric authentication entirely on a user’s device, and making sure the user’s data stays there. But in this particular area of digital security, there may be no more important organization than the FIDO Alliance.

Founded in early 2013 by a consortium of tech companies – Nok Nok Labs, Validity Sensors, Infineon, Lenovo, PayPal, and Agnitio – the FIDO Alliance’s mandate was and remains to promote the use of strong, post-password authentication practices. And from the beginning, the Alliance championed the on-device approach, arguing that user data cannot be intercepted or hacked from a server if it stays put on the user’s device.

The FIDO Alliance is now one of the most influential cross-industry alliances in the world of digital security. There are a few key ways in which FIDO is important, but its signature work lies in developing and promoting strong, global standards for digital authentication. It launched its FIDO UAF and U2F standards back in December of 2014, and these were rapidly embraced by a range of tech companies and solutions providers, with the ecosystem of FIDO Certified solutions having reach 100 by January of 2016; now, there are well over 500.

A Flourishing Ecosystem

On that note, taking stock of how many organizations have embraced FIDO standards – including the recently-launched FIDO2 specification – offers a strong indication of just how influential the Alliance has become. A number of devices from high-profile tech companies, for example, have attained FIDO Certification.

Google Turns Android 7+ Phones Into FIDO2 Devices

Precise Biometrics Fingerprint Software Powers a Smart Door Lock and a New FIDO2 Security Key

eWBM’s Goldengate Fingerprint Reader is First to Get FIDO L2 Certification

Galaxy S10’s Qualcomm In-Display Sensor is First to Get FIDO Biometric Component Certification

But it isn’t just consumer devices that are taking advantage of FIDO standards. Major enterprise-facing security solutions like Aware’s Knomi system, which leverages facial and voice recognition for smartphone-based authentication in the enterprise, have also eagerly sought FIDO Certification; and there are entire software platforms, from major web browsers to a security apparatus embedded in the Windows 10 operating system, that also proudly advertise their FIDO credentials.

Microsoft’s Biometric Security Platform Gets FIDO2 Certification

Entire Android Platform Receives FIDO2 Certification

All Major Browsers Now Offer FIDO2 Support

Nok Nok Labs Gets FIDO2 Certification, Launches Developer Program

Knomi Biometric Authentication Platform Scores FIDO UAF 1.1 Certification

Widely Recognized Standards

Another indication of FIDO’s influence can be seen in the broader embrace of its authentication and security standards by organizations outside of the traditional commercial tech sector. These include government agencies, internet standards bodies, and even social media platforms. All recognize that FIDO’s standards have a vital role to play in keeping end users’ data safe and secure.

Goodbye Passwords: FIDO’s WebAuthn Specification Gets W3C Stamp of Approval

UN ICT Agency Certifies FIDO Standards

Government Report Urges IRS to Consider FIDO Security for Taxpayers

Twitter Suggests FIDO U2F Keys for User Security

Influence Through Advocacy

FIDO wouldn’t have attained such broad support for its standards if its work began and ended at creating them. The consortium also works very hard to promote them. FIDO has established regionally-focused working groups over the last few years that are aimed at encouraging the adoption of strong authentication standards among domestic IT leaders, for example. It has also submitted proposals to other standards bodies and worked with other cross-industry alliances to further promote awareness about strong on-device authentication. This kind of advocacy work has played an important role in shaping the broader digital landscape for end users all over the world, and has brought greater attention to post-password, on-device security.

EMVCo, W3C, and FIDO Alliance Form Online Payments Security Interest Group

FIDO Urges Against Allowing Screen Scraping in PSD2

FIDO Submits Token Binding Specification to IETF Editor

FIDO Alliance Highlights APAC Growth at Turn of Year

FIDO Celebrates Growth of EU Working Group

FIDO Japan Working Group Saw Robust Growth, Activity Over 2017

FIDO’s Door is Always Open

And related to these efforts is FIDO’s collaborative work with private companies in the tech world. The Alliance pretty much has an open door policy when it comes to partnerships: If you’re interested in promoting stronger authentication in the digital world, FIDO’s ready to work with you. That attitude has brought major players to FIDO’s Board of Directors, and has also raised the profile of iBeta, a prominent quality assurance lab that has become the first of its kind accredited by FIDO.

Onfido Joins FIDO Board of Directors

FIDO Alliance Adds eWBM to its Board of Directors

Facebook Joins FIDO Board of Directors

Amazon Joins FIDO Board of Directors

FIDO Alliance Launches Certification Program for Biometric Authentication Tech

iBeta Quality Assurance is Accredited for FIDO’s Biometrics Certification Program

All of these activities have helped to make the FIDO Alliance a juggernaut in the fight against passwords, and in the more subtle debate over how to handle biometric data for authentication. If you’re a proponent of on-device biometrics, FIDO is your friend.

*

On-Device Biometrics Month is made possible by our sponsor: Aware, Inc.

—

May 9, 2019 – by Alex Perala