FIDO Alliance gets ITU approval for two specifications in passwordless authentication

The International Telecommunication Union’s Telecommunication Standardization Sector (ITU-T) has recognized two of the FIDO Alliance’s remote authentication specifications – FIDO UAF 1.2 and CTAP 2.1 – as international standards.

The Alliance says in an announcement that the recognition as official ITU-T Recommendations, conferred by ITU members including national administrations and the world’s leading ICT companies, is a milestone in its passwordless authentication tech development.

The approval also means the specifications are part of the ITU’s official global standards for developing information and communication technologies infrastructure.

FIDO UAF 1.2 is a mobile standard for authentication without passwords using biometrics and other signals to authenticate users to their local device. CTAP 2.1 allows the use of external authenticators (FIDO Security Keys, mobile devices) for authentication on FIDO2-enabled browsers and operating systems over USB, NFC, or BLE connections for a passwordless, second-factor or multi-factor authentication experience.

“The FIDO Alliance is improving online authentication through open standards based on public key cryptography that make authentication stronger and easier to use than passwords or one-time passcodes. One of the ways that we fulfill this mission is by submitting our mature technical specifications to internationally recognized standards groups like ITU-T for formal standardization,” says David Turner, senior director of standards development at the FIDO Alliance. “This recognition from ITU-T illustrates the maturity of FIDO authentication technology and complements our web standardization work with the World Wide Web Consortium (W3C).”

Heung Youl Youm, chairman of ITU-T Study Group 17, under whose responsibility the new ITU-T recommendations are, remarked: “Predecessors of these FIDO UAF and CTAP specifications were first adopted as ITU standards in 2018. ITU-T Study Group 17 will continue to strengthen its collaboration with the FIDO Alliance. These two FIDO Alliance specifications, adopted as ITU standards recently, are being widely used in various industries such as the financial sector to provide strong online authentication based on public key cryptography and various user verification methods.”

“These new ITU standards will provide a concrete basis for the two FIDO specifications to be adopted across the 193 ITU Member States.”

Abbie Barbir, another official of the ITU-T’s working group on identity management and telebiometrics architecture and mechanisms, says “this work will help address and solve the security limitations of passwords and move the world closer to passwordless solutions.”

The FIDO Alliance recently published guidelines on passkey optimization, given the growing adoption of passwordless authentication solutions.

Article Topics

biometric authentication  |  FIDO Alliance  |  FIDO2  |  ITU standards  |  passwordless authentication  |  standards