Yesterday, culminating over 20 months of hard work, FIDO Alliance has published final 1.0 drafts of their Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F) specifications, apparently setting a world record in the process as the world’s fastest development of a standard in the Identity Management industry.
I wrote a post about FIDO Alliance in October, when the first public announcement of the specifications has been made. Since that time, I’ve had an opportunity to test several FIDO-compatible solutions myself, including the Security Key and Yubikey Neo-N from Yubico, as well as the FIDO ready fingerprint sensor in my Galaxy S5 phone, which now lets me access my PayPal account securely. I’ve studied the documentation and reference code for building U2F support into web applications and cannot wait to try it myself, seeing how easy it looks. Probably the only thing that’s stopping me right now is that my favorite browser hasn’t implemented U2F yet.
Well, I hope that this will change soon, because that’s what publishing finalized specifications is about: starting today FIDO alliance members are free to officially market their FIDO Ready strong authentication solutions and non-members are encouraged to deploy them with the peace of mind, knowing that their implementation will interoperate with current and future products based on these standards. Press coverage of the event seems to be quite extensive, with many non-technical publications picking up the news. I believe that to be another indication of importance of strong and simple authentication for everyone. Even those who do not understand the technical details are surely picking up the general message of “making the world free of passwords and PINs”.
Those who are interested in technical details would probably be interested in the changes in the final version since the last published draft. I’m sure these can be found on FIDO Alliance’s website or in one of their webinars. What is more important, however, is that products released earlier remain compatible with the final specification and that we should expect many new product announcements from FIDO members really soon. We should probably expect more companies to join the alliance, now that the initiative is gaining more traction. Mozilla Foundation, that includes you as well!
In the meantime, my congratulations to FIDO Alliance on another important milestone in their journey to the future without passwords.