Skip to main content

PayPal, Lenovo form alliance to replace passwords with more secure online authentication

Retina scans to check your email? Fingerprint analysis before ordering from Amazon? That may be the future of the Internet if the Fast Identity Online (FIDO) Alliance gets its way.

Lenovo, PayPal, and four other firm have teamed up to launch FIDO, which aims to revolutionise online authentication.

The current, password-based authentication system on the Internet is plagued by reuse, malware, and phishing, and will eventually lose out to financial and identity theft, the Alliance said.

FIDO is instead building a standards-based approach that automatically detects when an Alliance-enabled device is present, and offers users the option to replace passwords with more secure methods.

"The Internet - especially with recent rapid mobile and cloud expansion - exposes users and enterprises, more than ever before, to fraud," FIDO Alliance President Michael Barrett said in a statement. "It's critical to know who you're dealing with on the Internet."

FIDO's new standard will support a range of technologies, including biometrics like fingerprint scanners and voice and facial recognition, as well as existing options. According to the Alliance, the FIDO protocol is designed to allow for future innovation, and the specific needs of different organizations.

"By giving users choice in the way they authenticate and taking an open-based approach to standards, we can make universal online authentication a reality," said Barrett, who also serves as PayPal's chief information security officer. "We want every company, vendor, and organization that needs to verify user identity to join us in making online authentication easier and safer for users everywhere."

As the Alliance points out, most online users today carry an arsenal of three or four slightly varied passwords for use across multiple sites and accounts. But password cross-use poses serious risks if one account is compromised.

Google stepped into the fight against traditional passwords earlier this year, when it began investigating alternatives like a USB-based card that would sign users into a Google account when inserted into a device.

IDC Research Director Sally Hudson said the authentication market will earn more than $2.2 billion (£1.4 billion) in revenue by 2016.

"This demand is driven by social networking, Internet, cloud and mobile, all of which will require higher and higher levels of authentication by governments, corporations and consumers," she said in a statement. "We believe that standards based, automated solutions such as those advocated by FIDO will contribute greatly toward making this a reality."

Image Credit: Flickr (marc falardeau)