The recently released Samsung S5, like the iPhone 5S, is equipped with fingerprint recognition technology. More importantly, the reader can be connected to PayPal and, through it, to a variety of payment systems. With this setup, you may be able to get rid of your passwords and use your fingerprint to surf the web. Of course, the S5's fingerprint recognition technology is not perfect, but it is just a start. Google is developing a USB keychain that can be used to log in directly to an account; Microsoft has not disclosed more details, but has said it is also considering alternatives to passwords.
All this is not unfounded, but based on a standard that took two years to establish. Since 2012, the FIDO (Fast Identity Online) Alliance has been establishing technical standards for connecting hardware (such as Samsung's fingerprint reader) to online services. The project is backed by technology and financial giants, including Google, Microsoft, Bank of America and MasterCard. The plan to replace the password has taken years and cost millions of dollars, and the Samsung S5 is the first step for FIDO's technical specifications.
Annoying passwords
Password login began in the 1960s, when multiple users shared one computer and accounts and passwords were needed to tell them apart. Back then, stealing a password was just a prank, and there was no personal information to leak. Now, obtaining a password can reveal almost everything about a person: email, online banking, cloud storage and so on. And this information can be reached from anywhere with a network connection. A password leak can be devastating, and maintenance costs billions of dollars a year.
In 2010, PayPal's security director Michael Barrett, fingerprint identification security expert Ramesh Kesanupalli, and Taher ElGamal, cryptographer and father of SSL, held talks. Kesanupalli wanted a new fingerprint identification standard under which readers could be used without relying on a large database; Barrett wanted a safe and simple way to access PayPal; and ElGamal was the best person to implement these plans. Two years later, the FIDO Alliance was set up to help companies get rid of the shackles of passwords. At its founding, FIDO had only PayPal and 5 hardware companies, but it then grew, with Google and Microsoft joining in April and December 2013, respectively.
Zero Information Disclosure
The FIDO Alliance is built on a simple concept: users log in on their computer through a fingerprint reader, and all sites can then log them in automatically using zero-knowledge proof (ZKP) technology. ZKP is a protocol that proves that a user has logged in successfully (by fingerprint or iris recognition) without revealing any information about the fingerprint or iris.
With this protocol, a simple local device lets you log in across the entire network. In the age of mobile networks, this device is probably your phone. Login requires both the right phone and the right fingerprint, which brings a considerable security gain: copying either one may be simple, but copying both is difficult.
With ZKP technology, authorization status can be shared between servers once you have logged in successfully, so you do not need to authenticate again. Mayank Upadhyay, Google's head of verification transactions, says that in the long run, login verification will only need to be done on devices that are readily at hand, such as your phone.
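An added illustration of the idea in this section, not code from the FIDO Alliance or the original article: Schnorr identification, a textbook zero-knowledge proof of knowledge, stands in for the protocol, which the article does not specify. The `Device` and `Server` classes, the toy group parameters and the exact-match fingerprint check are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Toy Schnorr group (assumption; far too small for real use): P = 2Q + 1 with
# P and Q prime, and G = 4 generating the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4


class Device:
    """Phone or reader: holds the template and private key; neither leaves it."""
    def __init__(self, enrolled_template: bytes):
        # Exact-match hash stands in for a real (fuzzy) fingerprint matcher.
        self._template = hashlib.sha256(enrolled_template).digest()
        self._x = secrets.randbelow(Q - 1) + 1    # private key in [1, Q-1]
        self.public_key = pow(G, self._x, P)      # only value sent at enrolment
        self._r = None

    def commit(self, scanned: bytes):
        """Check the finger locally; return commitment t = G^r, or None."""
        if not hmac.compare_digest(hashlib.sha256(scanned).digest(), self._template):
            return None
        self._r = secrets.randbelow(Q)
        return pow(G, self._r, P)

    def respond(self, challenge: int) -> int:
        r, self._r = self._r, None                # each nonce is used once
        return (r + challenge * self._x) % Q      # s = r + c*x mod Q


class Server:
    """Online service: stores a public key, no password or fingerprint data."""
    def __init__(self, public_key: int):
        self.public_key = public_key

    def challenge(self) -> int:
        self._c = secrets.randbelow(Q - 1) + 1    # fresh non-zero challenge
        return self._c

    def verify(self, t: int, s: int) -> bool:
        # Accept iff G^s == t * y^c (mod P), where y is the enrolled public key.
        return pow(G, s, P) == (t * pow(self.public_key, self._c, P)) % P


def login(device: Device, server: Server, scanned: bytes) -> bool:
    t = device.commit(scanned)
    if t is None:
        return False                              # wrong finger: no proof made
    return server.verify(t, device.respond(server.challenge()))
```

The server sees only `t`, its own challenge and `s`, so a login succeeds only with both the enrolled device and a matching finger, while nothing derived from the fingerprint is ever transmitted or stored server-side.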
Obstacles to Development
Savvy readers may have noticed that the FIDO Alliance is missing one heavyweight company: Apple. Apple is still using its own Touch ID technology, and AuthenTec, the company behind that technology, withdrew from FIDO immediately after being acquired by Apple. Apple and FIDO go separate ways, one closed source, the other open source. Touch ID is probably the biggest hurdle on FIDO's road.
But for FIDO, fingerprint recognition is only part of the overall picture, and its openness makes it highly adaptable. Even if Samsung decides to give up fingerprint recognition and use iris recognition, FIDO will soon make adjustments. PayPal's web servers do not even need to know which kind of recognition technology is in use. The standard has only just been established, and more advanced identification techniques, such as DNA scans and circadian markers, may be developed in the future; as long as FIDO remains open, it can respond quickly.
FIDO's bet is to make authentication safe and simple, simple enough to go unnoticed. Who would oppose a simple way of logging in?
FIDO Alliance: We will kill the password