Google Joins FIDO Alliance To Find An Alternative To Passwords
Google has joined a consortium of tech companies including PayPal and Lenovo attempting to stop passwords being the sole protector of personal accounts.
The group, the FIDO Alliance, is working on technology that would give the device a person was using a role in authenticating them so that a password alone is not enough to unlock an account. That approach can make it impossible to compromise accounts just by stealing passwords, as hackers did in order to break into Twitter this year and LinkedIn last year.
There have been some rumors about Google working on an authentication device, something like a USB stick for example, and this is what FIDO, which stands for Fast IDentity Online, specializes in.
FIDO is working on a standard way of providing authentication online. It doesn’t necessarily have to do with the device or method used for the authentication, but with the way in which websites can request authentication and in which users can provide it.
“Joining the FIDO Alliance is a great way to increase industry momentum around open standards for strong authentication,” Sam Srinivas, who leads information security at Google, said. “We look forward to continuing our current development work on strong, universal second-factor tokens as part of a new FIDO Alliance working group,” he added.
In practice, users would have an authentication device, which could be a USB device with a key or a fingerprint scanner or anything else of the sort.
The unique key provided by the device would be used by websites to provide access. This key would be hard to spoof and harder to obtain.
Certainly a step in the right direction.