Subscribe to Email Updates

Subscribe

credit_card_data_security.jpg

Financial Companies to Provide Stronger Authentication Methods; How FIDO Works

By Razvan Muresan on Aug 01, 2015 | 0 Comments

Financial services companies have the most urgent need for safer payment methods as their clients demand privacy, security and convenience in all transactions, according to FIDO (Fast IDentity Online) Alliance

,

 which groups more than 200 companies and government agencies, including financial institutions such as Wells Fargo, Goldman Sachs and JP Morgan Chase, among others.


Bank clients may experience safer transactions as more financial companies, now including ING Bank of the Netherlands and USAA, join the FIDO (Fast IDentity Online) Alliance, to solve problems users face in creating and remembering multiple usernames and passwords.

FIDO protocols are based on public key cryptography and strongly resist phishing. Users register their device to the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic or entering a PIN. Once registered, they simply repeat the local authentication action to authenticate to the service. The user no longer needs to enter a password when authenticating from that device. The Universal Authentication Framework also allows experiences that combine multiple authentication mechanisms such as fingerprint + PIN.

The second factor FIDO experience allows online services to augment the security of their existing password infrastructure by adding a strong second factor to user login. The user logs in with a username and password, as before. The service can also prompt the user to present a second factor device at any time it chooses. The strong second factor allows the service to simplify its passwords, such as a 4–digit PIN, without compromising security.

graphic_TheUserExperience

The protocols do not provide information that can be used by different online services to collaborate and track a user across the services. Biometric information never leaves the user’s device, according to FIDO’s specifications overview.

graphic_Registration

The FIDO Alliance was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and change the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords.

This article originally appeared on HOTforSecurity.

Share This Post On

Author: Razvan Muresan

Former business journalist, Razvan is passionate about supporting SMEs into building communities and exchanging knowledge on entrepreneurship. He enjoys having innovative approaches on hot topics and thinks that the massive amount of information that attacks us on a daily basis via TV and internet makes us less informed than we even think. The lack of relevance is the main issue in nowadays environment so he plans to emphasize real news on Bitdefender blogs.