The Fast Online Identity (FIDO) Alliance said it saw a 200% increase in approved certifications for its Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F) standards. Both standards aim to replace passwords with solutions that are easier to use and make devices more secure by default.
UAF is the FIDO alliance's main standard. It mostly relies on biometric profiles, such as a fingerprint, a face, or a retina scan, to work. Its goal is to replace passwords and thus make it easier for people to unlock their devices or login to websites.
This may not turn out to be a good idea in the long term, especially as governments start to use biometrics as IDs. Until then, however, they're also far more convenient than passwords. If you consider the fact that most people don’t use password managers and reuse passwords that can be stolen in one data breach or the next, they offer potentially better security as well.
Beyond biometric authentication methods such as authentication via fingerprint, face or iris scans, as well as voice identification, UAF also supports PINs. It will soon be extended to support logging in to websites via a public key cryptography mechanism tied to the PIN or biometric authentication used on the local device. This is based on Microsoft’s “Hello” authentication protocol for websites.
The U2F standard aims to replace the One Time Password (OTP) codes used now by SMS and app-based authentication mechanisms, as well as by the older hardware tokens.
The FIDO Alliance said the latest companies to receive a FIDO certification include:
certSIGNEyeVerify Feitian Technologies Co., Ltd.i-Sprint Innovations Pte LtdIntelIRISYS Co., Ltd.Jilin University Information Technologies CO., LTD.NBREDS openit Inc.SK Telecom ubivelox
The latest round of certifications also marked a first in the FIDO standards’ history: Intel and Synaptics brought FIDO biometric authentication for the first time to Lenovo notebooks (opens in new tab).
The FIDO Alliance said that new certification programs covering new specifications should be available in 2017. Companies looking to adopt the FIDO authentication standards and test for them can register on the FIDO Alliance website.