Thanks to zrf for posting.
An upcoming new standard will give cell phone and computer makers the opportunity to eliminate the problem of user password theft. Our lives are full of passwords of all kinds, yet the passwords used to protect online accounts are not secure. Eliminating passwords, or reducing their use, would significantly improve the security of the Internet.
At present, the “FIDO Alliance”, formed by companies such as PayPal and by associations, has published a series of technical standards that would effectively reduce the reliance on passwords and so raise online account security to a higher level.
Under the FIDO Alliance standards, users log in to an account with a physical authentication method, and the authentication device plays a more crucial role in the process of verifying the password. Michael Barrett, chief information security officer of the FIDO Alliance, said: “Consumer credentials can be obtained by guessing, by stealing network passwords, by phishing and by other technical means. The emergence of the FIDO Alliance is crucial, because FIDO stores the user's password credentials on the device, which makes it more difficult for cyber criminals to get this information and more difficult to carry out cyber-crime.”
After joining the FIDO Alliance, computer and mobile phone manufacturers build a security chip into their devices (the vast majority of computers today already have such a chip built in) to secure user accounts and information; individual users can also buy corresponding hardware devices, such as fingerprint readers. Barrett said that because this is an open standard, any company can use it and sell devices that conform to it, which can broaden the use of the new security technology so that it gradually replaces the “password” in personal account security.
Enterprises that join the FIDO Alliance can choose to use one or two passwords, or to opt out of passwords completely. Nok Nok Labs President Phil Dunkelberger said: “(With the FIDO standards) we can finally get rid of the passwords we have struggled with for decades.” Nok Nok Labs recently raised $15 million to develop security software certified to the FIDO standard.
One objective of the FIDO Alliance is to make better use of the seldom-used security hardware that computers already come with. The vast majority of desktop computers and notebooks, and a handful of tablet PCs, are equipped with a TPM chip designed for identity verification. FIDO also allows mobile phone manufacturers to use NFC technology to achieve the function of the TPM chip. It is understood that ARM and Intel will next develop TPM-like technology for mobile phones and tablet computers.
Security experts have repeatedly stressed the importance of two-factor authentication (that is, a traditional password as the first step, and authentication by a physical device as the second), but very few users take the extra verification step; only gamers, banks and large companies adopt two-factor authentication. Companies such as Google, Dropbox and Facebook offer two-factor authentication, but only a very small percentage of users use it.
An enterprise that wants to use FIDO authentication only needs to install validation software on the server, and then install a plug-in on client and staff computers, or an enterprise application on their mobile phones.
FIDO is more secure when authenticating the user. Traditional authentication methods require the client to send the password to the remote server, where it is checked against a password database, which carries the risk of interception and decoding. And because passwords are stored on the remote server, if the super administrator account is stolen, the loss is not just one user's password. Last month's theft of Twitter passwords was exactly such a case.
In FIDO's authentication process, no password is ever sent; it is processed by software on the phone or computer. After verification, the software sends a login key to the server, and no login information is saved. At the same time, a login key sent by the server informs the user's device that it “has been authenticated”.
Ramesh Kesanupalli, one of the co-founders of the FIDO Alliance, said: “All password handling happens on one device; if hackers want to steal the password, they must steal the device.”
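The device-side flow described above can be sketched as follows. This is an added example, not code from the FIDO Alliance or any vendor; it assumes a public-key challenge-response design, which the article does not spell out, and the `Device` and `Server` classes, the user name and the PIN are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Device side: the private key is generated on the device and never leaves it.
class Device {
  constructor(localSecret) {
    this.localSecret = localSecret; // stand-in for a PIN or fingerprint, checked locally only
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.privateKey = privateKey;
    this.publicKey = publicKey; // the only value registered with the server
  }
  // Verify the user locally, then sign the server's challenge; null if the check fails.
  respond(challenge, enteredSecret) {
    if (enteredSecret !== this.localSecret) return null;
    return crypto.sign(null, challenge, this.privateKey);
  }
}

// Server side: stores public keys only, so a database leak exposes no password.
class Server {
  constructor() { this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32); // fresh random value per login attempt
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // each challenge is single-use
    const key = this.publicKeys.get(user);
    if (!challenge || !key || !signature) return false;
    return crypto.verify(null, challenge, key, signature);
  }
}

function demo() {
  const server = new Server();
  const phone = new Device('1234'); // constructed sample PIN
  server.register('alice', phone.publicKey);
  const sig = phone.respond(server.newChallenge('alice'), '1234');
  const login = server.verify('alice', sig);       // valid signature on fresh challenge
  const replay = server.verify('alice', sig);      // challenge already consumed
  server.newChallenge('alice');
  const replayFresh = server.verify('alice', sig); // old signature, new challenge
  const wrongPin = phone.respond(server.newChallenge('alice'), '0000');
  const storedType = server.publicKeys.get('alice').type;
  return { login, replay, replayFresh, wrongPin, storedType };
}
```

A captured signature is useless for a later login because it only covers the one challenge it was produced for, and the server holds nothing an intruder could use to sign a new one.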
The authentication standards FIDO has introduced have attracted the attention of hackers. According to the research firm IDC's information, “A system this large will certainly attract many hackers looking for vulnerabilities. Once compromised, the FIDO system would be finished.”
In order to build enough influence, FIDO needs more companies to join. “PayPal's joining will bring enough attention to FIDO.” The FIDO Alliance is currently focused on discussing technical issues; business matters will be discussed in the future.