Facebook Joins the FIDO Alliance | Another Big Milestone Towards Security, Ease of Use and Privacy in Authentication.
Facebook announced today that they are joining the FIDO Alliance Board of Directors to further the goal of delivering simpler, stronger authentication at-scale to reduce and eliminate the use of passwords. While Facebook has been criticized soundly in the news for their actions related to user privacy, we should applaud this positive move on their part to support a standards-based privacy-centric approach to authentication.
Facebook was a very early participant in 2011 in the informal incubation efforts that Nok Nok Labs conducted prior to creating the non-profit FIDO Alliance. It is also with some delight that we welcome back Brad Hill (@hillbrad) who will be Facebook's representative to FIDO. We collaborated closely with Brad during his tenure at PayPal as co-authors of the FIDO-UAF specification and created the very first FIDO implementations. Brad has been a great supporter of the core principles we articulated for FIDO from its inception including security, ease of use and privacy by design.
More recently, during his early tenure at Facebook, Brad provided key feedback to the FIDO2 design work that we authored over the last few years with Google, Microsoft and others to fulfill the key goal of extending FIDO enablement from securing apps to securing browsers. As you might have seen, browser implementations are starting to roll out with initial support for different authenticators.
Passwords drive cost in a dozen dimensions that are not always readily apparent. Beyond the inconvenience factor, password reset and account takeover handling costs are spiraling. Damages accrue to individuals, companies and puts national infrastructure at risk. Most pernicious is the risk to the reputation of companies like Facebook who have to manage the integrity of the information being posted onto their networks. Their users also rely on them to provide them with adequate account security for their personal information and the networks need to ensure that only the right actors can participate in the social content of the network. Privacy requirements & accompanying violations, in particular, are gaining teeth with the EU's General Data Protection Regulation (GDPR), the most comprehensive data privacy directive anywhere. FIDO powered solutions can provide a standards-based foundation to tackle these requirements.
Facebook, like Amazon (who joined the Alliance earlier this year), Microsoft and Google while being technology players are also among the largest relying parties dealing with billions of consumers among them. These companies and their peers now have an unparalleled opportunity to make a dent in the password problem by providing FIDO-based authentication to their users at-scale, delivering simplicity, security and privacy in the authentication process and use that as a building block for their overall privacy commitments to their users. Facebook's membership on the FIDO Board is a great milestone for Nok Nok’s vision for modern authentication towards a world without passwords and cementing FIDO’s future as a foundational building block for internet security.