Analytics
12/12/2013
02:56 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Microsoft Joins FIDO Alliance Board Of Directors

Microsoft to work with the FIDO Alliance to produce open standards

Mountain View, Calif - December 12, 2013… The FIDO (Fast IDentity Online) Alliance, an industry consortium revolutionizing online authentication with the first standards-based specifications, today announced that Microsoft has joined the Alliance as a member of the Board of Directors. Microsoft is committed to working with the FIDO Alliance to produce open standards that will ensure interoperability among strong authentication methods and technologies. Representing the preeminent desktop and enterprise software vendor, and as the third leading mobile platform provider to join the FIDO Alliance board, Microsoft joins Google, BlackBerry and many other industry leaders in making FIDO specifications the global standard for post-password authentication.

FIDO members commit to share technology and collaborate to deliver open specifications for universal strong authentication that enables FIDO-compliant authentication methods to be interoperable, more secure and private, and easier to use. Microsoft software runs on hundreds of millions of devices, and the technology leader maintains clear leadership in enterprise, desktop and laptop markets. Users of Microsoft products and services will have a variety of choices for better authentication that overcomes the prevailing reliance on passwords. FIDO authentication is designed with a core focus on privacy − all biometric or personal identifying information (PII) stays local on the user’s device and is never shared to the cloud or over the network.

“Microsoft and the many global leaders joining our endeavor in the last ten months validates the work of the FIDO Alliance, and clearly indicates the imminent sea change set to move the world from a dependency on passwords to universal strong authentication,” said Michael Barrett, president of the FIDO Alliance. “Clearly, the Alliance is recognized as the foremost place to effect the changes needed to ensure future authentication that is simultaneously easier to use, more secure, and private. We welcome Microsoft to our board of directors and value the contributions that only Microsoft can make to benefit enterprises and users everywhere.”

"Microsoft has a track record of unwavering commitment to security and significant contributions to open standards organizations. Joining the FIDO Alliance board of directors is a logical step for us as a way to serve our customers and the community,” said David Treadwell, Corporate Vice President, Microsoft. “As a contributor to the FIDO Alliance working groups on next generation authentication, we look forward to furthering our innovation and thought leadership in the identity space."

"Microsoft joining Fido Alliance's Board is a key milestone to reaching the post UN/PW Authentication era of strong Authentication," said Sami Nassar vice president & general manager Authentication, NXP Semiconductors. "With the support from industry leaders across the value chain, from semiconductors to relying parties, FIDO adds cloud security without compromising privacy and simplicity for consumers and enterprise users."

Open FIDO specifications will support a full range of authentication technologies for operating systems, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC). The open specifications are being designed to be extensible and to accommodate future innovation, as well as protect existing investments. FIDO specifications allow the interaction of technologies within a single infrastructure, enabling security options to be tailored to the distinct needs of each user and organization.

About The FIDO Alliance

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The Alliance plans to change the nature of authentication by developing standards-based specifications for better authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. Better authentication is stronger, private, and easier to use when authenticating to online services.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web