Apple Inc. has not joined the Faster IDentity Online Alliance and its quest for more secure online authentication, but the technology giant has played a significant role in helping develop the foundation for new standards.
When Apple recently opened its application interfaces to allow access to its TouchID fingerprint sensor, several companies involved in the FIDO Alliance took advantage to begin developing solutions that are part of the alliance's goals, says Rajiv Dholakia, vice president of products at Nok Nok Labs.
"Apple is keenly aware of what FIDO is and the concepts behind it," Dholakia noted during a July 9 update on FIDO's developments. Nok Nok Labs has played a significant role as one of the founders of the FIDO Alliance, established as a non-profit organization in 2012 to develop stronger e-commerce security. "Some member companies are showing that FIDO-supported methods are running off Apple systems, using those APIs," Dholakia says.
Even though Apple is not an official member of FIDO, the company became connected with the alliance when it acquired South Korea-based Authentec for its biometrics technology two years ago.
"Authentec was an early participant in some of the pre-FIDO and early FIDO activities," Dholakia says.
FIDO, whose members include Discover, MasterCard, Visa, Google, Oberthur and other technology and payments companies, will always have its door open in hopes that Apple can participate, Dholakia says.
"But to the extent that they made their APIs available for the development of adequate solutions, they might just be a third party provider until Apple's customers ask them to get more involved," Dholakia adds.
FIDO's goal is to eliminate passwords and establish an open standard that embraces various forms of technology for a more secure online authentication.
The technology industry has created an authentication "Tower of Babel" with various methods that create user angst and hackers find easy to penetrate, Dholakia says.
"It's like building a room in which every light and water faucet has unique wiring and plumbing going to a central location," he adds. "What we need is an open standard that is strong, simple and usable."
Open standards such as the Secure Sockets Layer for establishing an encrypted link between a web server and browser have been embraced in the technology industry, so FIDO wants to establish an equivalent standard for authentication, Dholakia says.
"We really need a plug-and-play approach to create an interoperable ecosystem with common plumbing that would emphasize more usable types of authentication," he adds.
To that end, FIDO has been using the interim trademark of "FIDO Ready" to acknowledge biometrics and other technology that fits into its mission of establishing various levels of authentication. In the future, FIDO may establish a certification process for its standards.
The Samsung Galaxy S5 smartphone was the first to have the FIDO Ready seal of approval in February when FIDO member PayPal announced it would drop passwords in support of the phone's fingerprint authentication system.
As FIDO continues to make progress, its members hold a realistic viewpoint of how long it will take to make online authentication more secure and easier for consumers.
"Passwords are not going to go away over night, and FIDO does not have a magic bullet," Dholakia says. "But we think we have a compelling building block we can bring to fight this problem. Ultimately, we are trying to prevent scalable attacks in the e-commerce system."