Photo of a Feitan ePass FIDO U2F Security

FIDO’s Future for Internet Security

 

Internet Security is a growing priority for Americans with a January Pew Research Center Poll indicating that 64% of U.S. adults had experienced at least one form of data intrusion. In March, Congress opened the floodgates for ISPs rights to sell user data, a move met with widespread public hostility, followed by further contempt from established politicians. Following this trend, companies like Facebook, Google, and other internet giants have begun pledging user privacy as a top priority.

“Well, you know, nobody has got to use the internet,”

— Rep. Jim Sensenbrenner (Wis-R)

Enter Internet Security Alliance FIDO

FIDO with 250+ members including: American Express, Bank of America, Google, Microsoft, PayPal, and many other giants of tech, pioneered two standards that will likely come to dominate the online privacy debate, Universal Second Factor (U2F) and Universal Authentication Framework (UAF).

Universal Second Factor (U2F)

Photo of a Feitan ePass FIDO U2F Security, a product designed to specifications set by internet security alliance FIDO
Feitan’s ePass is one of many U2F security keys partnered with the FIDO Alliance


U2F gives you piece of mind by taking part of your security outside of your device. The protocol is built into a number of web browsers, most notably Google Chrome through Google Passwords. Users need only carry their U2F key with them.

Since U2F keys carry part of your identity on the password, services need not require long passwords with complicated specifications. You just insert the key and tap the button on its face, or in the case of NFC-enabled devices, just tap it against the contact.

Universal Authentication Framework (UAF)

While U2F is designed to make services using passwords more secure, UAF is designed to replace them altogether. UAF enables users to sign in using their fingerprint, retina, facial, or voice scans in order to validate their identity. These methods all use hardware currently in place on laptops, tablets, and phones, so imagining the transition to these means of security a simple task.

Under the hood

Both methods rely on a popular method of encryption called Public Key Cryptography (PGP), so signing up with either method is actually just registering a public address. The device (in the case of U2F) or biometric scan (in the case of UAF), sends your private key validating your ownership of the public key.

What differentiates this process from PGP is that you do not maintain your private key yourself. The FIDO protocol manages the private keys, your authentication choice whether U2F or UAF, releases your private key from their secure protocol, completing the sign-in process without the worry of managing your key or possibly exposing it to lurking hackers.

Why are FIDO’s Authentication tools superior?

U2F and UAF were not created without purpose. They are intentionally designed to improve upon authentication methods already in place. As many as 80 percent of mobile phones now sold are capable of supporting these standards.

Existing login authentication methods fall into three types:

  • One-Time Passwords via text or apps
  • Smartcards
  • TLS Certificates

One-time passwords sent through texts or in apps are at risk of being intercepted by third parties. Once your phone number is compromised, attackers only need your password to gain access to your accounts.

Smartcards require access to a computer with specialized hardware built-in or that users supply their own card reader accessory.

TLS certificates offer reasonable protection but effectively using them requires considerable knowledge of individual users. Once a host of these certificates is hacked, your information is completely vulnerable.


FIDO’s standards for internet security are likely to stick with us for some time, solving major issues in account authentication while remaining easy to use. In one Google Engineer’s words:

“Security Keys were designed from the ground up to be practical: simple to implement and deploy, straightforward to use, privacy preserving, and secure against strong attackers”

Security Keys: Practical Cryptographic Second Factors for the Modern Web

Tags:

  • Tyler Newman

    Reporter

    I am a 24-year old online reporter based in Minnesota. With Leafly and the Minnesota Daily, I wrote AP-style compliant copy, and produced multimedia pieces covering U.S. politics, markets, lifestyle, and college sports. Data Journalism is a cause I stand firmly behind, furnishing existing visualizations with fresh data and producing some of my own. On the side, I’m a gadget geek, coffee snob, and blockchain technology enthusiast.

  • Show Comments (0)

Ads

You May Also Like

The Rise of Ransomware

Blackhat hackers have officially taken to mafia tactics. Their heist of choice? The data ...