How FIDO Alliance, the World’s Largest Ecosystem for Standards-Based, Interoperable Authentication, Connects to the DIACC
The DIACC mandate is to identify and develop standards that prioritize and align with Canadian principles. Our Canadian focus and approach enables us to support members with locally-focused solutions and opportunities, while integrating with international frameworks and initiatives, and maintaining a pulse on worldwide trends.
The FIDO Alliance is one example of international standards driving progress in digital identity authentication. We connected with DIACC member Hypersecu, who is also a member of FIDO Alliance, to offer more insight into the authentication initiative.
Can you provide an overview of the FIDO Alliance for people who are unfamiliar?
The FIDO Alliance, Fast IDentity Online, is a non-profit organisation created with a mission to develop standards for strong authentication devices and to address the difficulties of managing multiple complex passwords. Password management can often result in high support costs for companies, while at the same time lacking effectiveness when it comes to preventing data breaches. The Alliance aims to ease these concerns by providing mechanisms that reduce reliance on passwords for strong authentication.
Currently, there are two main standards from the Alliance: U2F (Universal 2nd Factor) and UAF (Universal Authentication Framework). U2F uses a physical token, or security key, to add an extra layer of security, but does not require the user to enter an additional code the way one-time password tokens do. Instead, the user simply presses a button on their security key to log in. UAF uses biometrics, such as fingerprinting and other unique processes, to create an entirely password-less experience.
The Alliance is also developing a new standard called FIDO 2. FIDO 2 aims to provide simple and strong authentication on all devices. Its goal is to create a password-less experience with the strong security that 2-factor authentication offers.
How did this alliance start?
The Alliance was started by Ramesh Kesanupalli, at the time Chief Technology Officer of Validity Sensors, and Michael Barrett, then PayPal’s Chief Information Security Officer, who wanted to develop identification using biometrics for online authentication, that would be based on an open standard which could support multiple vendors. The FIDO Alliance was thus founded in 2012 by PayPal, Lenovo, Nok Nok Labs, Validity Sensors, Infineon, and Agnitio, and announced publicly in 2013.
In 2014, Hypersecu joined the FIDO Alliance. We are currently actively involved in promoting FIDO solutions.
Why is interoperability important to companies, users, and governments?
With so many different systems, applications, and devices that are now interconnected, interoperability is crucial for our current technological ecosystem. It allows different types of industries and enterprises to connect using the same technology without having to invest in new developments. At the same time, users have the reassurance that their devices will work on any platform supported by a particular technology – in this case, FIDO protocols. With online authentication, users, companies, and governments alike need to be able to connect from wherever they are through multiple devices, from smartphones to tablets to laptops.
Having standards also allows manufacturers, developers, and service providers to easily incorporate FIDO support into their products and services. As a result, strong authentication becomes accessible to more users and available through more services, reducing the cost and time required for implementation. Anyone can integrate FIDO technology into their day-to-day business with little disruption.
How will the FIDO Alliance impact Canadian organisations?
The FIDO Alliance will help advance the cause for trustworthy digital identity in Canada by making it simpler and less costly for Canadian organisations to implement the technology and introduce options for secure authentication. Many Canadian businesses and other organisations rely on digital transactions, such as banking and e-commerce, which makes easy-to-use but effective secure authentication that much more critical.
How will the FIDO Alliance impact Canadians?
From what we’ve observed, the average Canadian still requires more motivation to use strong authentication compared to those in other regions. Simple passwords are widely used in Canadians’ daily digital lives, from online banking to email accounts. One of the reasons for this may be due to the high cost and complexities involved in implementing strong authentication.
The FIDO Alliance will, as mentioned, make implementing strong authentication much easier and with minimal disruption. It opens new doors for Canadians to adopt cost-effective solutions for authentication that is widely supported around the world.
What is Hypersecu’s role in this initiative?
Hypersecu provides high quality and cost-efficient HyperFIDO™ U2F Security Keys. We’re constantly developing new products and initiatives using the FIDO U2F technology in order to make authentication as simple as possible. This includes mobile friendly FIDO security keys that can be used without additional attachments. We achieve this by taking advantage of features already natively available on most mobile devices such as Near-field Communication (NFC) or Bluetooth, which allow users to quickly connect their security key and log in from anywhere.
We also partner with identity and access management services such as SAASPASS to provide a one-stop multi-factor authentication solution that’s flexible and simple to use, whether you’re a small company or a large enterprise. In addition, we’ve been working to introduce FIDO U2F to universities so that students and faculty alike can protect important information such as exams, grades, student loan details, and other sensitive data.
Why is it important for Canadian companies like Hypersecu to be involved?
Since the digital world is increasingly becoming borderless and Canadian companies have a greater global reach, it’s important that we take initiative to ensure that we are creating an effective security framework. Without a trustworthy digital identity, Canadian companies become vulnerable to costly and dangerous data breaches, especially given today’s heavy reliance on digital access and transactions. However, many Canadian businesses also operate on a smaller scale with limited resources available to dedicate to security and authentication. As a result, FIDO is an excellent way for companies in Canada to implement secure authentication with minimal cost and disruption.
The DIACC develops the Pan-Canadian Trust Framework to accelerate interoperability of business, policy, and technology processes for digital identity systems and solutions. Emerging standards and technologies including FIDO, and others, are sure to play a role in accelerating Canada’s digital economy participation.