Microsoft has joined a group that wants to eliminate passwords.
The FIDO Alliance, short for Fast IDentity Online, announced that Microsoft has joined as a member of the Board of Directors.
The FIDO Alliance is an industry group launched in July 2012 that's attempting to set industry-wide open standards to reduce the need for passwords. Microsoft joins Google, BlackBerry, Lenovo, MasterCard, LG Electronics and many other industry leaders in making FIDO specifications the global standard for post password authentication.
"Open FIDO specifications will support a full range of authentication technologies for operating systems, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC)," reads the press release (PDF).
Username and password combinations underpin most online services. Unfortunately, they can be easy to intercept, thus security experts have warned for years that passwords can't protect user data if they're easy to guess or if the user provides the same one across multiple accounts. However, providing biometric or personal information to a website will not be required when using FIDO authentication.
As the IDG News Service points out, password replacement technology will need to be both simple and effective. The group envisions an installed software client that uses public key cryptography to authenticate users. Initially, the group will focus on securing access through Web browsers to Web applications. The group will then turn their attention to Android, Windows tablets and Apple devices.
"The open specifications are being designed to be extensible and to accommodate future innovation, as well as protect existing investments. FIDO specifications allow the interaction of technologies within a single infrastructure, enabling security options to be tailored to the distinct needs of each user and organization," the release adds.
The FIDO Alliance plans to submit its specification to groups dedicated to Web standards including the World Wide Web Consortium (W3C).