New UK national cybersecurity strategy includes FIDO authentication
The UK government has unveiled its £1.9 billion ($2.3 billion USD), five year UK National Cyber Security Strategy, in which it details its plan to invest in FIDO authentication to move beyond passwords.
The comprehensive UK National Cyber Security Strategy is designed to defend cyberspace, deter adversaries, and develop capabilities.
As part of its “defend” strategy, the government is seeking to better secure its internet-dependent systems and infrastructure by “ensuring that future online products and services coming into use are ‘secure by default’”, as well as encourage consumers to “choose products and services that have built-in security as a default setting.”
“[we will] invest in technologies like Trusted Platform Modules (TPM) and emerging industry standards such as Fast IDentity Online (FIDO), which do not rely on passwords for user authentication, but use the machine and other devices in the user’s possession to authenticate,” the 84-page document states. “The government will test innovative authentication mechanisms to demonstrate what they can offer, both in terms of security and overall user experience.”
Through the investment, the UK government is acknowledging that people need to stop relying on passwords to secure internet-connected applications, and that they need a positive user experience coupled with strong security.
The UK government is a FIDO Alliance member and the Gov.UK Verify program for citizen services already supports FIDO authentication.
“The U.K.’s updated strategy is part of a growing trend that started in the U.S. with the National Strategy for Trusted Identities in Cyberspace (NSTIC),” writes Brett McDowell, executive director at FIDO Alliance. “Given the clear value, I believe that other governments around the world would benefit from following the UK’s lead by investing in initiatives that will accelerate the evolution of their internet-dependent economies from highly vulnerable password-based security to hardened FIDO-based security based on public key cryptography, often with on-device biometrics or convenient second factors that facilitate ease-of-use.
“I foresee a bright future that begins with the ubiquitous adoption of FIDO authentication by both developed and developing economies worldwide.”