Fast Identity Online (FIDO) authentication has received a huge boost as the UK government has revealed its plans of investing in the technology as part of its move beyond passwords under the five year UK National Cyber Security Strategy.
UK’s National Cyber Security Strategy [PDF] sets out a plan to make the country confident, capable and resilient in a fast-moving digital world. Over the course of the five years from 2016 to 2021, the UK government will be investing £1.9 billion to defend nation’s systems and infrastructure, deter adversaries, and develop a wholesome capability to strengthen cyber security by empowering everyone including biggest companies to the individual citizen.
The strategy involves plans to invest in FIDO authentication as well and this is seen as a step to move beyond passwords. The Government is also going to look at Trusted Platform Modules (TPM) and will be testing these innovative authentication mechanisms to demonstrate what they can offer, both in terms of security and overall user experience. This is being done by the Government as part of the broad objective of adopting challenging new cyber
security technologies in government in order to reduce perceived risks of adoption. Government’s involvement will provide a proof of concept and demonstrate the security benefits of new technologies and approaches.
The Government is seeking to better secure its internet-dependent systems and infrastructure by “ensuring that future online products and services coming into use are ‘secure by default'”, as well as encourage consumers to “choose products and services that have built-in security as a default setting.”
According to the FIDO Alliance executive director, Brett McDowell, the UK government is demonstrating leadership by acknowledging that passwords are an unsustainable form of authentication, and that we need to stop relying on them to secure internet-connected applications.
In addition to the U.K., there are signs that other governments are beginning to understand the importance of authentication reform in overall cybersecurity policy. The U.S., for example, has shown understanding of the need to move beyond passwords for years.
Although FIDO authentication already has significant support from large global organizations in the private sector, governments can and should play an important role in accelerating widespread adoption of FIDO authentication. They are in a unique position to provide guidance, update aging regulations, and lead by example in deploying emerging standards like the U.K. government is doing with FIDO specifications, notes McDowell.