To drive adoption of secure authentication, the Liberty Alliance has launched an effort to make password tokens, smart cards and similar products work smoothly together.
The industry organisation, formed to develop technology standards for online verification of identity, on Tuesday announced the formation of its Strong Authentication Expert Group. Members of the group include American Express, Axalto, HP, Oracle, RSA Security and VeriSign. Other Liberty Alliance members are also eligible to join.
"By forming the Strong Authentication Expert Group, Liberty is committing to rapidly deliver well-defined and highly deployable solutions to help organisations meet new and pressing requirements for stronger authentication," Timo Skytta, vice-president of the Liberty Alliance, said in a statement. The group is working to encourage the adoption of strong authentication technology for Internet interactions and transactions.
Passwords have long been seen as a weak form of security. Internet users are targeted by a plethora of scams designed to steal their passwords. Strong authentication adds another check to verify the identity of a user. The second check could be a hardware or software token, a smart card, a telephone-based system or biometrics.
The Strong Authentication Expert Group will work on a specification dubbed the Identity Strong Authentication Framework, or ID-SAFE, the Liberty Alliance said. The first version of the specification should be ready sometime next year, the group said.
The announcement comes one month after the US Federal Financial Institutions Examination Council said passwords alone are insufficient to protect online access to a bank account. The council has called for a deadline of the end of 2006 for banks to implement multifactor authentication to determine the identity of customers using online services.
Talkback
Good.
Also, if you please, start thinking a few years ahead and think about multiple-factor authentication in which various challenges, responses, questions, answer, data and information travel seperatly from eachother back and forth over physicly devided ways of transport. Combined with data-mining audited statistical records to home in on troublespots and things that are, security wise, not normal or expected behaviour from the customer in question to decide whether additional authentication and verification steps are in order.
Point of interest. How to protect and safe-guard all the privacy information required to make such security a reality and ensure that it's only used for that.