The FIDO Alliance is a conglomerate of top technology corporations (Microsoft, Google, Oberthur, NXP, Paypal, etc…) aiming to create standardized enhanced authentication with specific goals of “Passwordless Authentication” (UAF) and “Second Factor Authentication” (U2F). Essentially, they want to be able to framework how companies provide secure access to their web resources as well as how users prove their identity to the companies. Here’s my take on the effort.
There’s a lot of debate in the information security industry about what the next-gen solution will be for authenticating users into services (websites, applications, etc…). I’ve collected a list of suggested authentication solutions (both hardware and software mechanisms) and will try to shed some light on their pros and cons.