The FIDO alliance has a clear mission: ‘Simpler, Strong Authentication: Solving the Password Problem’.
But why are passwords a problem? Well, over the past decade, our digital footprint has been exposed to increasing numbers of third parties. Concurrently, data hacks have become more frequent and more serious, with news of breaches on an almost weekly basis. This means it’s likely that our data is widely available, especially on the Dark Web. Alarmingly, this includes our usernames and passwords. And when our passwords are no longer safe, then our online accounts are susceptible to attack.
Some startling statistics:
- 2.3 Billion - stolen passwords in 2017
- $5 Billion - cost to US companies each year to rectify account take over
- $1m/yr - amount organizations spend on password reset technology
- 20%-50% of helpdesk calls are for password resets.
Ironically, passwords— which were supposed to protect us—have become the gateway for hackers to hijack our accounts. Identity theft is now the largest and fastest growing crime in the world. And it enables all sorts of criminal activity. Approximately 5% of global GDP, or $2 trillion, is laundered money. This is used for human trafficking, drug trafficking and terrorist activity. Less than 1% of this is seized by authorities.
Yet we are still asking the same question after 30 years online: how do I know a person is who they claim to be in a remote setting? For many years, we thought that passwords were the answer. Now we know that we need a new solution.
There is a clear need for greater assurance around identity from the beginning of an online interaction. This is especially true for Fintechs and Banks which have an increasing need (and regulatory requirement) to onboard customers in a remote setting, and carry out effective authentication workflows. To restore trust and protect users in the digital world, we need to remove our reliance on passwords and start with the high assurance of a digital proofing.
That’s why Onfido joined the board of the Fido Alliance. We believe in their mission: ‘Simpler, Strong Authentication: Solving the Password Problem’. As a member of the board, I wanted to explore whether digital proofing could strengthen FIDO’s mission. I led a study group to explore whether the FIDO Alliance should expand its scope and, as a result, we recently announced a new working group: The Identity Verification & Binding Working Group. This working group will help the extent its remit in digital proofing, and set standards and certifications around digital proofing. Below is an extract from the press release.
“For accounts protected from phishing and other credential-based attacks with FIDO Authentication, the account recovery process when a FIDO device is lost or stolen becomes critical to maintaining the integrity of the user’s account. Validating a user’s identity with high assurance is an important aspect of this process, as well as for account onboarding processes, meeting Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements.
The FIDO Alliance has identified a newer remote, possession-based techniques including biometric “selfie” matching and government-issued identity document authentication as having the potential to greatly improve the quality of identity assurance for new account onboarding and account recovery. The Alliance has also determined a market need for authoritative guidance, performance evaluation and certifications for their use.
The FIDO Alliance has created the Identity Verification & Binding Working Group (IDWG) to fill this need. The IDWG will define criteria for remote identity verification and develop a certification program and educational materials to support the adoption of that criteria.
The IDWG is led by co-chairs Rob Carter, Mastercard and myself Other participating organizations include Aetna, Google, Idemia, Lenovo, Microsoft, Nok Nok Labs, NTT DOCOMO, OneSpan, Phoenix Technologies Ltd., Visa Inc., Yahoo! JAPAN, Yubico and the UK Cabinet Office.
By creating the testing standard for document verification providers, Fido enables the digital identity ecosystem to set up testing standards that the whole market agrees on. This will help companies protect their users and give regulators and relying parties the impetus to put more stress on the document verification industry.”
If you are interested in learning more or joining the working group please contact me at Parker.Crockford@onfido.com.
About the AuthorFollow on Linkedin More Content by Parker Crockford