BlackBerry has signed up to the FIDO (Fast IDentity Online) Alliance – a group which is seeking to establish new methods to identify people quickly and safely, rather than relying on passwords for mobile security.
FIDO is supported by internet giants such as Google and PayPal and is investigating alternative authentication technologies such as NFC chips, biometrics and one-time passwords, with a view to creating a standards-based system for passwordless authentication.
BlackBerry’s statement mentions services such as BBM and Protect, but is not specific about technologies or systems it might develop alongside FIDO.
Fan site CrackBerry said, “It’s easy to imagine this technology enabling BlackBerry devices to become security tokens in their own right for two-factor authentication. For example, you could set your PayPal account so that it could only authenticate transfers made from your BlackBerry since it has a unique and certified identity. Alternatively, you could set it so that with an additional PIN number punched in on the device, you could open doors with electronic locks, or start your car.”
“BlackBerry is deeply committed to remaining the Gold Standard in mobile security while providing a model for others to adopt and follow,” said Brian McBride, Technical Director for Identity at BlackBerry. “Offering safe, reliable access for our customers across the globe is inherent to everything BlackBerry does as an organization.”
FIDO aims to replace passwords with a secure, industry-supported protocol which is also easy to use. FIDO is investigating technologies such as fingerprint scanners, voice and facial recognition, and existing solutions such as Near Field Communication (NFC) and One Time Passwords (OTP), with a view to creating an integrated solution.
“BlackBerry is among the first mobile platform and mobile device suppliers to engage with the FIDO Alliance to equip customers with easy-to-use strong authentication, allowing them to easily move from site to site securely without having to enter identifying information multiple times,” FIDO said in a statement.
PayPal have been vocal this year in their support of the group’s aims.
“Passwords are running out of steam as an authentication solution. They’re starting to impede the development of the internet itself,” PayPal’s Chief Information Security Officer Michael Barrett said at the Interop Las Vegas IT expo earlier this year.
“It’s pretty clear that we can’t fix it with a proprietary approach.”
Mr Barrett pointed to the passwords published online after data breaches in recent years, which show that insecure passwords such as “12345” and “password” remain among the most commonly used.
“Users will pick poor passwords – and then they’ll reuse them everywhere,” says Barrett. “That has the effect of reducing the security of their most secure account to the security of the least secure place they visit on the internet.”
No password can keep you entirely safe – a data breach may occur at the company or institution you are dealing with, and cybercriminals have all the time in the world to crack lists of encrypted passwords. Choosing a good one, though, will give you time to change yours once the news breaks. Check out ESET’s guide to password hygiene for more advice.
Author Rob Waugh, We Live Security