​Google, Samsung get closer to giving passwords the finger with FIDO certification

The FIDO alliance has certified 31 products and services under two protocols which aim to do away with the need for passwords.

Google and Samsung are among 16 companies whose products have been certified under two "password-less" authentication specifications.

The The FIDO (Fast IDentity Online) Alliance on Wednesday certified 31 different products under the first version of two security specifications. The specs aim to develop a standardised ecosystem of products and services for two-factor and biometric authentication and, ultimately, eliminate the password.

Read this

Windows 10 will let you say goodbye to passwords forever Windows 10 will let you say goodbye to passwords forever Microsoft adding password-free sign-on via Windows 10 to Azure Active Directory, cloud apps, and more.

Google's login service is among the first tranche of products to be certified under FIDO 1.0, which comes as Google begins splitting its Gmail sign-in process across two pages so that a username is entered on the first page while the password field is filled in on a second page.

The move, announced earlier this month on its product forums, prepares its login page for "future authentication solutions that complement passwords". In the meantime, it's also annoyed many users that don't see how two pages makes life easier.

Google's login was certified as a universal two-factor (U2F) server. Products can be certified as a UAF client, UAF server, UAF authenticator, as well as U2F authenticator or U2F server.

FIDO certification covers two protocols, the first being the Universal Authentication Framework (AUF) for biometrics, which allows a user to register a device for an online service and then use that device as a biometric reader. The idea is that, the next time they login, they can use a fingerprint or an eye scan to to verify their identity.

The second protocol is Universal Second Factor (U2F), which covers devices such as Google's own 'Security Key' - a USB-connected device stores a cryptographic version of a user's password and lets the user authenticate simply by pressing a button on the device. Security Keys, which are made by several vendors, can be used to access a Google Account.

Other companies whose products have been certified include Qualcomm, Samsung, and a number of authentication firms, including Yubico, the company Google has been working with to develop its Secure Key.

Microsoft isn't among the first round of companies to gain FIDO certification. However, it will be with Windows 10 and has been contributing to the second version of FIDO.

Read more on FIDO

Show Comments