What is FIDO? How this initiative aims to make passwords obsolete
FIDO definition: What is the FIDO Alliance and what does FIDO stand for?
The FIDO (fast identity online) Alliance is an industry association that aims to reduce reliance on passwords for security, complementing or replacing them with strong authentication based on public-key cryptography. To achieve that goal, the FIDO Alliance has developed a series of technical specifications that websites and other service providers can use to move away from password-based security. In particular, the FIDO specs allow service providers to take advantage of biometric and other hardware-based security measures, either from specialized hardware security gadgets or the biometric features built into most new smartphones and some PCs.
The FIDO Alliance came together in 2013 as security pros working at PayPal, Lenovo, and other companies began to get fed up with various password-based security holes. The group has been plugging away at its goal for a while — “FIDO Alliance Says, Forget Passwords!”, CSO declared not long after the group started up — but with biometric readers becoming more and more prevalent and a new set of specs that are easy to integrate into standard webpages via JavaScript APIs, our passwordless future may finally be in sight. FIDO Alliance members include some of the biggest names in tech and media, so this initiative has muscle behind it.
FIDO specifications
Before we get into the individual FIDO specifications, we need discuss the principle that they’re all based on: public key cryptography. In this form of cryptography, each communicating party uses two keys — very large numbers — to encrypt messages via an encryption algorithm. Each party shares a public key that’s used to encode a message, which can only be decoded by a private key, which is kept secret. The two keys are related by some mathematical operation that would be difficult or impossible to reverse — for instance, the private key might be two very long prime numbers and the public key would be the number you get by multiplying those two primes together. (For more on how this works, check out CSO’s explainer on cryptography.)
Public key cryptography is already the basis for most…