FIDO, which stands for Fast IDentity Online, is a global non-profit organization focused on stronger authentication that now has more than 90 members, but relatively few participants are from outside the U.S., he notes. Getting more involvement in the alliance from companies in Europe and Asia-Pacific will be a priority, "as well as broadening out the kind of vendor constituencies that we have so far," he adds.
Financial services organizations are well-represented among alliance members, but FIDO wants to attract member organizations and technology vendors from all sectors worldwide, Barrett says.
"We don't yet have any mobile network operators, and we'd like some of those," Barrett explains during this interview with Information Security Media Group conducted at the RSA Conference 2014. "If you're building a standard and you want it to be as universally adopted as possible, you need to make sure that you're meeting everybody's requirements and you're actually getting their use cases into your requirements document. So that's why we think it's so important to get those kind of organizations involved."
Phillip Dunkelberger, president and CEO of online security firm Nok Nok Labs Inc., a founding member of the FIDO Alliance, stresses in another interview that the current reliance on usernames and passwords often leads to data breaches. "Attackers choose the path of least resistance," he says. "Password reuse is common ... and third parties often hold many credentials in a centralized database, which makes them easy to steal."
During this interview, Barrett discusses:
- Why mobile devices are expected to play a critical role in authentication;
- Why the timing is right for an universal authentication protocol for online and mobile transactions; and
- Challenges the FIDO Alliance will have to overcome.
In addition to serving as FIDO's president, Barrett also serves on the board of directors of StopBadWare, a Berkman Center spin-off dedicated to mitigating the impact of malware attacks on businesses and individuals. Earlier in his career, from 2006 to 2013, Barrett served as chief information security officer of PayPal, where he was responsible for ensuring the security of PayPal accounts worldwide.