Lenovo leads a campaign to eliminate passwords

Tech giant in push to develop an open, simpler and more secure means of online authentication

PUBLISHED : Wednesday, 13 February, 2013, 12:00am
UPDATED : Wednesday, 13 February, 2013, 5:27am

Lenovo, the world's second-largest supplier of personal computers, is leading a mission to replace the passwords that people and businesses use to access many online accounts and services.

The Chinese technology giant helped launch a new industry initiative yesterday, supporting technical specifications under the so-called Fast Identity Online (FIDO) system, which brings together a range of online authentication technologies as an alternative to multiple user names and passwords.

Based in California, the not-for-profit FIDO Alliance said current password-based online authentication was weak, due to the common habit of reusing secret words, the proliferation of malicious software, and phishing - referring to online scams that dupe recipients into providing their personal data. These factors have left consumers and businesses vulnerable to financial and identity theft.

FIDO combines hardware, software and online services to provide versatile and stronger security for internet users as they log on through their personal computer, smartphone or media tablet. It supports strong authentication techniques like USB security tokens used in online banking, near field communication technology developed for smartphones, and biometrics, which include fingerprint scanners and facial recognition.

Lenovo vice-president Mark Cohen said the FIDO Alliance co-founder had long advocated alternative authentication systems since it started deploying fingerprint readers on ThinkPad laptops about a decade ago.

The group's other founding members are PayPal, Infineon Technologies, Validity, Agnitio and Nok Nok Labs.

FIDO Alliance president Michael Barrett said: "By giving users choice in the way they authenticate and taking an open-based approach to standards, we can make universal online authentication a reality."

The initiative's launch has coincided with the growing corporate adoption of bring-your-own-device strategies, in which employees use their own computers, smartphones and media tablets for work.

"Shifting from an enterprise-owned mobile device fleet to having employees bringing their own devices has a major impact on the way of thinking and acting about mobile security," Dionisio Zumerle, a principal research analyst at Gartner, said in a report.

Companies which adopt the FIDO specifications being developed by the alliance may soon accept the credentials of users on its corporate network through so-called Trusted Platform Module chips embedded in their devices.

Users who log into a FIDO-enabled website with their embedded FIDO hardware for the first time may be asked if they want to connect the device to their account. Upon affirmation, the system will be connected to their account through a FIDO token. When the user returns the next time, the website will automatically recognise them.

Sally Hudson, research director for security products and services at analyst firm IDC, forecast that automated solutions like FIDO will help the global market for strong authentication systems to reach more than US$2.2 billion by 2016.