FIDO Alliance launches new initiatives for identity verification and IoT security
The FIDO Alliance has announced a pair of new standards and certification initiatives to strengthen identity verification assurance with biometric “selfie” matching and trusted document authentication, and to automate secure IoT device onboarding without passwords.
Two new working groups have also been formed by the FIDO Alliance; the Identity Verification and Binding Working Group (IDWG) and the IoT Technical Working Group (IoT TWG) will each work to establish guidelines and certification criteria for their particular areas.
Onfido’s Parker Crockford and Mastercard’s Rob Carter will lead the IDWG as it defines criteria for remote identity verification and develops a certification program and educational materials to support adoption of the criteria. Biometric selfies and authentication of government-issued identity documents have been identified by the Alliance among newer remote, possession-based techniques with the potential to greatly improve identity assurance for new account onboarding and account recovery. A market need for authoritative guidance, performance evaluation and certifications for these technologies has been determined by the FIDO Alliance.
IDEMIA, Aetna, Google, Lenovo, Microsoft, NTT DOCOMO, Visa, Yahoo! Japan and the UK Cabinet Office are among other organizations participating in the working group. Onfido says the announcement demonstrates the company’s commitment to establishing trusted global identity verification. Onfido joined the FIDO Alliance’s Board of Directors in March.
“The FIDO Alliance has catalyzed a diverse set of stakeholders who have collaborated to answer the industry’s password problem through the standardization of FIDO Authentication – which has grown from concept to global web standard supported in leading browsers and platforms in just seven years,” says FIDO Alliance Executive Director and Chief Marketing Officer Andrew Shikiar. “As we look at the threat vectors in the marketplace, however, it has become apparent that there’s a gap between the high assurance provided by FIDO Authentication standards and the lower assurance methods used in identity verification for account recovery and IoT authentication. This gap can be most effectively addressed through industry collaboration and standardization rather than siloed, proprietary approaches.”