International Telecommunication Union’s Telecommunication Standardisation Sector (ITU-T) has recognised two of the FIDO Alliance’s remote authentication specifications – FIDO UAF 1.2 and CTAP 2.1 – as international standards.
The Alliance says in an announcement that the recognition as official ITU-T Recommendations, conferred by ITU members including national administrations and the world’s leading ICT (information communication technologies) companies, is a milestone in its passwordless authentication tech development. The approval also means the specifications are part of the ITU’s official global standards for developing information and communication technologies infrastructure.
“The FIDO Alliance is improving online authentication through open standards based on public key cryptography that make authentication stronger and easier to use than passwords or one-time passcodes. One of the ways that we fulfill this mission is by submitting our mature technical specifications to internationally recognised standards groups like ITU-T for formal standardisation,” says David Turner, senior director of standards development at the FIDO Alliance. “This recognition from ITU-T illustrates the maturity of FIDO authentication technology and complements our web standardisation work with the World Wide Web Consortium (W3C).”
“Predecessors of these FIDO UAF and CTAP specifications were first adopted as ITU standards in 2018. ITU-T Study Group 17 will continue to strengthen its collaboration with the FIDO Alliance. These two FIDO Alliance specifications, adopted as ITU standards recently, are being widely used in various industries such as the financial sector to provide strong online authentication based on public key cryptography and various user verification methods,” says Heung Youl Youm, chairman of ITU-T Study Group 17. “These new ITU standards will provide a concrete basis for the two FIDO specifications to be adopted across the 193 ITU Member States.”
“Our working group within ITU-T Study Group 17 was pleased to be able to collaborate with the FIDO Alliance to promote the standardisation of state-of-the-art security technologies,” says Abbie Barbir, Rapporteur for ITU-T’s working group on ‘Identity management and telebiometrics architecture and mechanisms’ (Q10/17). “This work will help address and solve the security limitations of passwords and move the world closer to passwordless solutions.”
The specifications that are now ITU-T Recommendations are:
- FIDO UAF 1.2 (Recommendation ITU-T X.1277.2). A mobile standard providing authentication without passwords by using biometrics and other modalities to authenticate users to their local device.
- CTAP 2.1 (Recommendation ITU-T X.1278.2). Part of FIDO2 specifications along with the W3C Web Authentication standard, allows the use of external authenticators (FIDO Security Keys, mobile devices) for authentication on FIDO2-enabled browsers and operating systems over USB, NFC, or BLE for a passwordless, second-factor or multi-factor authentication experience.
For more information on the FIDO Alliance and FIDO authentication, visit Fido Alliance.
For more information on ITU-T SG 17, click here.
Comment on this article below or via Twitter: @VanillaPlus OR @jcvplus
