Apple joins Microsoft, Samsung, Intel in FIDO security alliance

Posted:
in General Discussion edited February 2020
Apple is now a member of the FIDO alliance, a body that aims to increase user security while reducing reliance on passwords. It's one of the last major technology firms to join.

The
The "Fast Identity Online" consortium now includes Apple.


Apple has now joined the FIDO or "Fast Identity Online" Alliance, several years after competitors including Microsoft, Samsung, Intel and Google. FIDO is concerned with fostering and promoting higher security for users, and specifically using authentication technology such as biometric sensors rather than passwords.

FIDO was formed in July 2012 by a small group of companies including PayPal and Lenovo. Its open specifications called for authentication systems ranging from fingerprint and iris scanners, plus hardware security keys. Microsoft became a member in December 2013, while Samsung joined in April 2014 alongside announcing its implementation of FIDO specifications in the Galaxy S5.

Apple has not commented on its joining the alliance now, nor on why it has remained outside it for eight years. However, Apple has famously popularized FIDO-like systems such as Touch ID and Face ID.

Most recently, Apple's creation of the T2 chip, and therefore a secure enclave, has meant that iPhones themselves are secure enough to be used as hardware security keys.

Using a hardware key with an iPhone
Using a hardware key with an iPhone


In January 2020, Google updated its Smart Lock app to allow that software running on an iPhone to replace the previously required extra hardware to produce a two-factor authentication key.

Such hardware login keys were facilitated by a March 2019 agreement between the World Wide Web Consortium and the FIDO Alliance to certify WebAuthn as an official standard. Safari, and other browsers, use WebAuthn for authentication.

Comments

  • Reply 1 of 6
    MacProMacPro Posts: 19,383member
    Does this mean Samsung will drop Android?  ;)
  • Reply 2 of 6
    gatorguygatorguy Posts: 23,176member
    MacPro said:
    Does this mean Samsung will drop Android?  ;)
    :) Perhaps they'll drop Knox. 
  • Reply 3 of 6
    It seems pretty obvious to me why Apple decided to Join now. As stated in this article “... iPhones themselves are secure enough to be used as hardware security keys.” It looks to me like Apple plans to capitalize on this opportunity. I can’t say I blame them either, not to mention they would be my first choice anyway. 
    FileMakerFeller
  • Reply 4 of 6
    gatorguygatorguy Posts: 23,176member
    sonar416 said:
    It seems pretty obvious to me why Apple decided to Join now. As stated in this article “... iPhones themselves are secure enough to be used as hardware security keys.” It looks to me like Apple plans to capitalize on this opportunity. I can’t say I blame them either, not to mention they would be my first choice anyway. 
    Any Android phone running Android 7 or higher, essentially all of them in current use, are secure enough to serve as hardware security keys. That's why the FIDO Alliance makes so much sense.  
    edited February 2020
  • Reply 5 of 6
    FatmanFatman Posts: 513member
    Once Apple joins, change will come. Many examples of that being the case.
  • Reply 6 of 6
    auxioauxio Posts: 2,333member
    gatorguy said:
    sonar416 said:
    It seems pretty obvious to me why Apple decided to Join now. As stated in this article “... iPhones themselves are secure enough to be used as hardware security keys.” It looks to me like Apple plans to capitalize on this opportunity. I can’t say I blame them either, not to mention they would be my first choice anyway. 
    Any Android phone running Android 7 or higher, essentially all of them in current use, are secure enough to serve as a hardware security keys. That's why the FIDO Alliance makes so much sense.  
    And I'm guessing that's why it finally makes sense for Apple to join.  Apple invested heavily and did biometric security the right way from the get go, and it was a competitive advantage to have done that.  Why would they want to join an alliance where they'd potentially have to give away the details of that implementation which they invested so heavily in?  Now that competitors have caught up, and they've recouped the money from that initial investment, it makes sense to join.
Sign In or Register to comment.