Tech giants team up to create standard for 2FA

A group of global technology companies have teamed up to publish the specifications of a common standard for the development of two-factor authentication and biometric log-in.

The Fast Identity Online Alliance (FIDO) - which was established in 2013 and whose members include Microsoft, Google, Mastercard, Visa, PayPal, Samsung and Lenovo, among others - today published final drafts of two specifications to be used when building 2FA and authentication frameworks.

FIDO Alliance president Michael Barrett in a statement said the standard would "define the point at which the old world order of passwords and PINs started to wither and die".

The drafts offer two sets of specifications: the Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). Both are based on public-key cryptography.

"The specifications outline a new standard for devices, servers and client software, including browsers, browser plugins, and native app subsystems," the organisation said in a statement.

"Any website or cloud application can interface with a broad variety of existing and future FIDO ­enabled authenticators, ranging from biometrics to hardware tokens, to be used by consumers, enterprises, service providers, governments and organisations of all types."

The group said its members had agreed to share patent licensing on both the standards. Samsung, PayPal and Google have already begun integrating the standards into their own products.

The FIDO standards are yet to incorporate Bluetooth authentication or NFC guidelines. The organisation said it was nearing completion of extensions to incorporate the two technologies into the standards.

One notable company missing from the alliance is consumer tech giant Apple, meaning the FIDO standards won't yet become common across the industry.