FIDO, the password and Live Ensure®



FIDO or Fast Identity Online was launched last week by a couple of Internet big hitters most notably PayPal.   They clearly have a vested interest in ensuring that their transactions are secure.    

FIDO aims to provide specifications or standards to the industry that embody  an approach to authentication which starts to move away from the ‘security by obscurity ‘  or user name/password paradigm prevalent today.   The main reason why the incidence of hacking is sky-rocketing.   [Twitter Hacked]

FIDO aims to leverage hardware devices such as phones and tablets as well as fingerprint readers, webcams, TPM ( Trusted Platform Module)  chips and tokens into an open-standard whereby there will be inter-operability between different systems but which comply to the standard.   A client/server architecture in combination with some hardware fingerprint starts to approach a much more secure approach than the exchange of self reported credentials.    

The creation of a global repository and browser based plug-in  (a la certificate authority) is IMO a potential weakness in the model.   Who will be the custodian of this information and who will ensure it is updated. ?   The graphic below provides an overview of the approach.




Some of the key elements of FIDO are already embodied in the architecture of Live Ensure® (LiveEnsure) the Cloud based authentication solution that leverages the user’s smart-phones to provide contextual validation without the use of passwords.   Live Ensure® has already created the key elements of what FIDO is setting out to achieve. 

Live Ensure® achieves the following :
·      Passwordless authentication =  like FIDO
·      Leveraging existing device (smartphone) FIDO  (requires tokens)
·      Rapid scalability (Cloud Service) FIDO (except for token distribution)
       ·      Triangulated architecture = FIDO

Live Ensure® embraces a new approach to authentication and endorses any efforts in the direction of making the end user experience better.   If this can be done while achieving stronger security so much the better.    Live Ensure® intends to engage with the FIDO Alliance to make a contribution to this important effort in simplifying and strengthening end-user log-in security.  

Comments

Post a Comment

Popular posts from this blog

The End of Passwords

Finally it seems … the penny has dropped.   Passwords are a poor substitute for real online security.   There is more and more ‘chatter’ about it.    Robin Henry writing in the Sunday Times on New Years Day talks of the end of ‘password hell’ invoking solutions in the pipeline from the Web Gods – Apple and Google.  The talk is of new biometric solutions such as facial and hand movement recognition.  Even IBM is talking this way.  ( http://www.forbes.com/sites/thestreet/2011/12/20/ibms-tech-predictions-for-the-next-5-years/ )  I agree with the notion that passwords are a dying breed but not that biometrics will become vogue.   They are fraught with problems of their own such as reliability, accuracy and the need for referencing of data-bases ( fail !) .    Why are passwords defunct?   Basically they are difficult to remember and they are easy to steal.    The solutions needed are those that require no cognitive load for the user ( the most unreliable participant in this enterprise
Read more

WIKILEAKS - the fuss?

Why all the fuss ? Why the ‘outrage’ at this ‘threat to national security’ ?   Are we really worried that nuclear war is going to break out because of these ‘dirty’ secrets getting out.  As if the North Koreans are going to up the ante any more than their mock charge of last week because of the abuse and scorn heaped upon them by US Diplomats.  ? !    Come on. To me the irony of this bluster is that it is (largely) from the right wing establishment in the US - calling it treason!     Any party that parades a half wit like Palin as a presidential hopeful hardly holds any moral high ground when it comes to protecting the USA.   Her appointment as the ‘leader of the free World’ will be enough to send any level headed American ( let alone any one of their Allies ) into a panicky tailspin at the thought of what she may stumble into ( by accident or design) . So how did these documents get out there?   Poor security.  Plain and simple.   If the US is so worried about this incident su
Read more

CAPITALISM – no longer fit for purpose ?

Image
The vast majority of humanity survive on a few dollars a day.    The economic boom of the last fifty years has benefited a relatively small elite. The fossil fuel driven economy has devastated the planet. Capitalism is the most efficient creator of wealth but it has been derailed and it has led to inequality and environmental degradation on a global scale. Global warming and capitalism’s favourite progeny – globalisation – has triggered social movements,   political discontent and massive migration.    There are more economic and political migrants seeking greener pastures than at any time in history. Increased Government participation in the economy both directly and through regulation is required to temper the excesses of laissez-faire capitalism. Degrowth means uncoupling the link between growth and prosperity.        Adam Smith’s ‘invisible hand’ has been the single biggest driver of the phenomenal economic growth enjoyed globally over the last two hundred years
Read more