As Volvo realized when developing the three-point seatbelt, security needs to be simple and work in a simple gesture, or users won’t adopt it. Volvo also knew that in order to scale to every car and user, their invention needed to be an open standard. Eventually, all countries made the seatbelt a legal requirement, and it has since then saved millions of lives.
The future of strong online identities will follow the same path; they must be simple to use across all computers and mobile devices. To complement existing standards for one-time passwords and smart cards, the Swedish/American authentication innovator Yubico and the Google security team created the open authentication standard U2F (Universal 2nd Factor), today further developed by open standards organization FIDO Alliance and W3C.
Since deployed by Google staff and end users, FIDO U2F-powered USB and NFC devices have significantly reduced fraud, support calls, and time to login compared to mobile software authentication. Introducing strong authentication with high-privacy features, FIDO U2F is also being used by global dissidents to protect their online identities.
Stina Ehrensvard explains the advantages presented by FIDO U2F in comparison to one-time passwords (apps, SMS, tokens) and smart cards, how and why these technologies will continue to coexist in the coming future, and where they fit in the the larger identity ecosystem.
Stina Ehrensvard is the CEO and founder of Yubico and coinventor of the YubiKey—a small device that makes strong two-factor authentication easy and affordable for everyone. She is a visionary IT entrepreneur with a proven track record of creating and bringing new technology innovations to global markets. Stina is an accomplished speaker on Internet identity, security, and entrepreneurship and was most recently named one of Inc.’s 2013 Woman to Watch in Tech.
©2016, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • email@example.com