Apple is among the last tech bigwigs to join FIDO, whose members now include Amazon, Facebook, Google, Intel, Microsoft, RSA, Samsung, Qualcomm and VMware. The group also boasts more than a dozen financial service firms such as American Express, ING, Mastercard, PayPal, Visa and Wells Fargo.
“Apple is not usually up front in joining new organizations and often waits to see if they gain enough traction before joining in. This is fairly atypical for them,” said Jack Gold, president and principal analyst at J. Gold Associates. “Apple is often trying to present [its] own proposed industry standards for wide adoption, but is generally not an early adopter of true multi-vendor industry standards.
“FIDO now has enough momentum that I assume Apple is feeling the pressure to join in,” he said. “Especially in a cloud-based world, FIDO is a key initiative to authentication that companies really can’t ignore.”
Formed in 2012, FIDO’s purpose is to push two-factor authentication for services and apps because passcodes are innately insecure. Research backs the group’s claim, as 81% of all security breaches from hackers can be traced to stolen or poor passwords, according to Verizon’s Data Breach Investigations Report.
“If you are relying on username/email address and password, you are rolling the dice as far as password re-usage from other breaches or malware on your customers’ devices are concerned,” Verizon said in its report.
Along with W3C, FIDO wrote and is using the emerging Web Authentication API (better known as WebAuthn). The WebAuthn specification is already supported – to different degrees – by major browsers such as Google’s Chrome, Mozilla’s Firefox and Microsoft’s Edge. Those browsers also support cloud credential creation using a U2F Token, which can use Bluetooth, NFC or USB to provide two-factor authentication to online services and apps.
In 2018, Apple announced it was adding “experimental” support for the WebAuthn protocol on Safari. In December, Apple added native support for FIDO-compliant security keys, such as those from Yubicoand Feitian, which use the WebAuthn standard over near-field communication (NFC), USB, or Lightning in iOS 13.3.
“FIDO is like Bluetooth for authentication – meaning that we have a number of devices with features and functions that can be used to provide authentication,” said Mahdi.
For example, Mahdi said, mobile devices or laptops may use fingerprint readers or facial recognition technology to enable log-in. Either technology could be leveraged for authentication, but without a common language, it was difficult to do and required proprietary drivers and software.
“As such, it was much more complex to reliably enable strong authentication,” Mahdi said. “FIDO, like Bluetooth, allows application developers and security leaders that want to enable strong authentication (say, in a mobile app or a website) to cover a wide range of authentication methods that are available in devices with minimal code [and without having to worry about many proprietary drivers].”
Overall, FIDO’s specification means digital services from banks, ecommerce sites and others can recognize users through their devices, rather than with usernames and passwords. For example, users could register for an online service, create a username, register their devices, and select a preferred authentication method (i.e. finger, or face, and/or PIN). No password would be needed, Mahdi said.
How FIDO’s spec works
FIDO’s specification works by enabling anyone using it to gain access to an app or online service with a private and public key pair.
When a user registers with an online service, such as PayPal, the authenticator device (a server) creates a unique private/public key pair. The private key is stored on the user’s device, while the public key becomes associated with that device through the online service or app.
Authentication is performed by the client server sending an electronic challenge to the user’s device. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a secure action such as a biometric reader (i.e., a fingerprint scan or facial recognition), entering a PIN, speaking into a microphone, or inserting a second–factor device.
U2F is an open-authentication standard that enables internet users to securely access with one security key instantly and with no drivers or client software needed, according to FIDO member and authentication vendor Yubico. FIDO2 is the latest generation of the U2F protocol.
Last April, Google joined the Alliance as part of its creation of new online identity management tools. Google added two-factor authentication through FIDO’s specification for Android 7 and above devices.
Jamf, a provider of multi-factor enterprise authentication management software for the Mac platform, joined FIDO last month.
“As we were supporting a lot of these multi-factor devices and different identity providers, it got to be complicated pretty quickly,” said Joel Rennich, director of Jamf Connect, an Apple Mac authentication and identity management product. “And we still had the problem that we needed to go back to having a password. On the Mac, there’s no built-in way of supporting your user credentials without typing in a password. However, Apple does have a pretty robust smart card installation.”
Rennich said Jamf is embracing the FIDO authentication protocol because it’s “incredibly” secure and allows a lot of flexibility because of wide-ranging industry support. In particular, because of FIDO’s use of highly-secure elliptical curve cryptography – the same used by Apple Secure Enclave – Jamf can now leverage the technology to create enterprise-class access to the iPhone, for example.
“So, we can use that hardware already in the device to work with the FIDO protocols with minimal amount of effort. …That made the development really quick,” Rennich said.
While it’s not yet shipping, Jamf also created a virtual smart card that allows users to sign into Mac devices from the cloud using elliptic-curve cryptography pairing keys in the same way FIDO’s specification does.
“We’re not here to speak for Apple…, but certainly you can see they’re doing a lot more work in this environment. I do think it’s a solid base. It’s a great standard,” Rennich said. “We do hope Apple does more with it. But in the meantime, we expect to be able to bring log-in at the log-in window with a FIDO authenticator to the Mac.”
Read More Articles
Artificial Intelligence, especially Computer Vision, image and video recognition analytics and procedural machine learning automation integrated with Virtual and Augmented Reality are pushing technology, businesses and industry into the future. As remote and virtual And on demand food deliveries became the norm during covid quarantines, we are heading into this new future and reality whether we want to or not.
Google Swirl and 3D programmatic advertising and marketing will become the new norm.
What is Swirl ?
Swirl lets consumers engage with a product like it’s right in front of them by allowing them to rotate, zoom and expand the 3d version of an object in the ad.
Swirl 3D ads allow brands to illustrate changes in behavior, new technology performance, unique product features and utilized within some AR programmatic ad, it’ll make the entire customer experience interactive.
One example :
adidas Latin America highlights innovative product design
adidas LATAM was looking to capture user attention and showcase the innovative redesign of the adidas Ultra Boost 2019 shoe. adidas LATAM and creative agency EdgeDNA created Swirl ads that allow prospective buyers to get an up-close look without having to visit a store.
Swirl ads drove a 4x higher engagement rate than rich media benchmarks and had an average viewable time of 11 seconds, which indicated that the ad captured user attention.
The 3D creatives also drove a return on ad spend (ROAS) of ~2.8 for the Colombia market.
Brands are seeing great success using Swirl ads for various campaign goals. This includes increasing consideration by showcasing product features, building brand awareness and delivering a great mobile experience.
Read the google article Below and contact Pagarba Solutions to get you started today ,
Virtual Reality has been around for quite some time now. When I was a kid people spoke about this virtual world. Virtual games. Virtual lives. Early internet portals like Compuserve, Prodigy and AOL made you believe in this future. Even BBS boards and text driven games with monochrome screens made you feel like you were in a different world. Open up your creative Imagination. It was cool and the future. At least we hoped.
The Early games on Commodore 64 and other cloned PC 8088 computers and 300 baud modems were exciting. You were also called a geek and dork by most folks. But Hey when we got a 1200 baud modem, yeah that was awesome.
Playing games and programming in BASIC and turbo Pasal made me dream of being in and buildings worlds like Gauntlet , Ultima III , eye of the beholder , star control 2, wing commander earl weavers baseball , and Pete rose baseball.
Imagine tying to upload and download a large game like Wing commander on dial up back in the day? My friend Dan and I tried to do that. Often. Those were the days.
So what’s any of this have to do with Virtual Reality ?
Creative Imagination to expand the human experience is what power VR and AR holds. Interactive experiences open up an infinite number of imaginary worlds where you are part of the living story. And doing this while never having to leave your own home.
Communicate, collaborate and interact with your long-distance friends and family in ways that were never possible before. We see early successes and awesome possibilities with headsets like oculus and htc vive and Microsoft hololens.
Today, designers , creators and developers can alter a VR or AR experience as per their own interests. It is also important that the developer and players control a huge amount of personal information provided by players. Decentralized Systems and blockchain will be huge for many things going forward , including virtual and augmented reality.
The combination of virtual reality and blockchain can decentralize the future platforms and applications. It changes the dynamic by giving control of the virtual online world back to the players and visitors.
Taking a step back. Virtual reality is more players , visitors and participants. Current and legacy coin terms more like users , watchers , and viewers. An interactive virtual world where Creative Imagination Experiences rule the day is all about visitors, players and participants.
Where are we now ?
There is a second life and Minecraft like virtual world on blockchain now called Decentraland. Visitors and players can buy a plot of virtual land with the platform’s cryptocurrency called ‘MANA’. They can then build anything as per their liking such as a building, house or a virtual neighborhood and then populate it with unique virtual objects.
They can host social events and even turn it into a profitable business if they are forward thinking. The virtual landowners in Decentraland can even monetize their worlds by selling or renting ad space in exchange for MANA.
It’s Early stages now and only works on desktops / laptops and the latency is poor. But it’s still a sign of the ready player One and the matrix future to come.
Taking decentraland virtual world powered by blockchain into consideration, the future value of VR might be more decentralized and open. This might help people understand how crypto actually holds value and can function better in the real world as well. In the virtual world, bitcoin or some other crypto token is governed by incorruptible intelligent smart contracts. As these things improve, many are suspecting a surge of people demanding the exact reality in the real world. People do not want corrupt governments and archaic governance anymore. Coronavirus can further boost this concept because of its social distancing and less contacting measures.
By creating a virtual world that entirely runs on the blockchain, it can help provide a template for ways blockchain functions in the real world. And it just works. Behind the scene. The creative imaginary interactive virtual mixed reality worlds will change the world. For real this time.
In your opinion, how far out are we from consumer-grade AR glasses reaching the market?
I think we are 12 to 24 months from the next inflection point with AR and consumers. I do think Pokemon Go was the first inflection point. It really familiarized the average consumer to the opportunity that there was with AR, and the delight that AR can provide. Other companies have continued to expand on that journey and that opportunity. But I think the next inflection point, as it relates to new form factors and potentially new experiences that those form factors unlock, is somewhere in the 12 to 24 month range.