Microsoft Wants To Get Rid of Passwords, Joins Group

News
By Kevin Parrish
published

Microsoft has joined a group that wants to eliminate passwords.

The FIDO Alliance, short for Fast IDentity Online, announced that Microsoft has joined as a member of the Board of Directors.

The FIDO Alliance is an industry group launched in July 2012 that's attempting to set industry-wide open standards to reduce the need for passwords. Microsoft joins Google, BlackBerry, Lenovo, MasterCard, LG Electronics and many other industry leaders in making FIDO specifications the global standard for post password authentication.

"Open FIDO specifications will support a full range of authentication technologies for operating systems, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC)," reads the press release (PDF).

Username and password combinations underpin most online services. Unfortunately, they can be easy to intercept, thus security experts have warned for years that passwords can't protect user data if they're easy to guess or if the user provides the same one across multiple accounts. However, providing biometric or personal information to a website will not be required when using FIDO authentication.

As the IDG News Service points out, password replacement technology will need to be both simple and effective. The group envisions an installed software client that uses public key cryptography to authenticate users. Initially, the group will focus on securing access through Web browsers to Web applications. The group will then turn their attention to Android, Windows tablets and Apple devices.

"The open specifications are being designed to be extensible and to accommodate future innovation, as well as protect existing investments. FIDO specifications allow the interaction of technologies within a single infrastructure, enabling security options to be tailored to the distinct needs of each user and organization," the release adds.

The FIDO Alliance plans to submit its specification to groups dedicated to Web standards including the World Wide Web Consortium (W3C).

Kevin Parrish
31 Comments Comment from the forums
  • Gazzooo
    Microsoft can well you know where it can be placed I am turning to Ubuntu and Winows 7
    all that metro garbidge to much is reliant to having to be conected online I did my 50gb quota all because of installing winows 8.1 and then installing my games that all had to be updated online which didnt work because of 32bit 64bit and brouser compatibility for constant online conection
    Reply
  • JOSHSKORN
    I hope by eradicating username/passwords, they don't increase the rate of online identity theft.
    Reply
  • SonSon1
    NSA Inside.
    Reply
  • sykozis
    Fail....
    Reply
  • Government and corporations love you! Please pay your taxes so they can make more bombs and kill more people. Because they love you.
    Reply
  • fleeb
    Why does the comments section paint a picture of MS failing or focus to how their OS sucks. This simply joined an already existing alliance by Google, BlackBerry, MasterCard, LG, etc.
    Reply
  • Dogsnake
    Near Field holds great promise. At birth a unique coded chip could be inserted under the skin of every individual. The for their entire life they could have secure authentication for everything. Once code you would need only to stand close to your car, front door or whatever to unlock. Multiple chips in various body parts could be used to interface with chips in other people for direct and personal communications. Oh the brave new world holds such wonders and possibilities.
    Reply
  • Darkk
    Bad idea of getting us chipped. What if somebody skims your chipped ID since it would be based on RF technology. Then what? I am favor the idea of getting rid of passwords but it has to be easy and secure to use. Remember dozens or so passwords is a PITA so currently I use a password manager to keep track of em all which is encrypted with a master password. Works well in the computer world but what about everywhere else?

    Gotta be a standard or nobody will use it.
    Reply
  • Geef
    At least they are joining a group to try to figure out how they can get rid of passwords. No matter what they do someone will always think its a bad idea. I'm sure they will come up with something that works and becomes a standard.
    Maybe it can be a standard like USB except its named FIDO 1.0 or 2.0 and so on.
    Reply
  • digiex
    I prefer dick pattern identification, it also give your true sex at the same time, so that guys will not pretend to be girls when online.
    Reply