A new version of the FIDO authentication standard is designed to enable the elimination of passwords for a broader range of devices, says Phil Dunkelberger, CEO of Nok Nok Labs. The company was one of the founders of the The FIDO ("Fast IDentity Online") Alliance.
The FIDO2 standard is a significant enhancement to the original FIDO specifications, providing an expansion of stronger authentication from devices such as smartphones and tokens to web browsers. The FIDO Alliance will soon launch interoperability testing and issue certifications for servers, clients and authenticators adhering to FIDO2 specifications.
"Sixty percent of all transactions on the internet today go through a browser interface, and this [FIDO2] really extends the FIDO component protocols to a browser experience for the user," Dunkelberger says in an interview with Information Security Media Group. "We now cover everything from devices that have been traditionally supported by FIDO, phones and tablets, to PCs, desktops and kiosks. It extends the capability to give one common framework that people can use for all of their browsing and/or application experiences."
The FIDO Alliance was launched in 2013 to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords. Nok Nok Labs, PayPal and Lenovo were among the founders.
Recently, the FIDO Alliance and World Wide Web Consortium completed the FIDO2 standardization efforts to bring stronger authentication to internet users. Its Web authentication specification defines a standard web API that can be incorporated into browsers and related web platform infrastructure, which gives users new methods to securely authenticate on the web, in the browser and across sites and devices.
In the interview (see audio link below photo), Dunkelberger discusses:
- Industry implications with the adoption of FIDO2
- Barriers to entry for FIDO2;
- The four components of the FIDO value proposition.
Dunkelberger, CEO of Nok Nok Labs, an authentication software developer, has more than 30 years of experience in the technology field. Before the formation of Nok Nok Labs, he served as CEO of PGP Corp. until Symantec acquired the company in 2010. Previously, he served as entrepreneur-in-residence at Doll Capital Management, president and CEO of Embark and president and COO of Vantive Corp.