Microsoft recently joined the FIDO Alliance, an organization working to replace outdated industry standards with new procedures that minimize, and ultimately replace, the reliance on passwords. According to FIDO, passwords have long been considered the weakest link in Web security.
FIDO, which launched in July 2012 and stands for Fast Identity Online, hopes that the implementation of its security specifications will one day become widespread and include devices and browser plugins.
While implementation of FIDO's new security standards is voluntary, many industry-leading companies and organizations have already indicated their support. Those companies include Google, Infineon, Lenovo, LG Electronics, and many smaller companies.
The first major hurdle to overcome in standardizing authentication protocols is combating the wide variety of authentication hardware and software. Most accepted authentication hardware and software systems are proprietary services with very little overlap between manufacturers. FIDO hopes to standardize authentication technologies in order to create more robust and interoperable biometrics, PINs, and secondary authentication technologies.
The last major hurdle for FIDO to overcome is the use of passwords as a security step. According to FIDO, usernames and passwords are the most commonly used security protocol while also being the most easily intercepted. Password weaknesses such as simplistic passwords, easy-to-guess combinations, and passwords reused across multiple services have long been warned against.
The ideal password replacement technology is difficult to design. The new technology must be both easy to use and effective in protecting systems from intrusions.
The FIDO proposal intends to use a software client, installed on users' computers, which employs public key cryptography for authentication. Ideally, all major web browsers will be supported, with the initial focus on securing web browser access to web applications. Later, FIDO plans to offer mobile authentication options for Android devices, Apple devices, and eventually Windows mobile devices.
Ultimately, FIDO plans to submit its security protocols for certification to Web standardization groups such as the World Wide Web Consortium and the Internet Engineering Task Force. Until that time, FIDO's plans are only conjecture and implementation is easily years away.