An alliance in California is trying to find new and advanced ways to access websites without using password and username logins. This week they published their final details of new a standard for logging in that is more secure and universal.
Using help from companies like eBay, PayPal and Google, the alliance would like to create an easier way to login to websites using a public cryptography key, which would be much harder to steal and hack than a password and username.
The alliance just released their final 1.0 draft for the 2 specifications: Universal second factor or U2F and Universal Authentication Framework or UAF.
The 1.0 requires compatibility between the hardware used that verifies a user’s identity, for example a USB device or a phone, and the software that the site that the user wants to log into contains.
It would function similar to a Wi-Fi and USB certification that allows numerous vendors to operate together.
The most impressive thing about the Alliance is that they focus their ideas on the authentication.
The protocols used allow trusted clients to exchange just the correct amount of information about the users. The specifications made by the alliance are full of problems with identity policies and should remove a number of the normal complexities in the management identity space.
The alliance stated that they want to respond to the loss and risk caused by password systems. Its specifications show an interoperable, scalable, open set of secure authentication mechanisms, which reduce the long-term reliance on just password and username based logins.
The newly released specifications define a completely revolutionized standard for client software and servers, including browsers, plug-ins, and app subsystems as well as for devices.
Any cloud or website app can interact with a few existing authentications, for example hardware and biometrics tokens. Those same tokens can later be used for other things, by businesses, consumer organizations and other service providers.