FIDO | From the Seed of an Idea to Becoming a “Best Practice”

There was an idea to bring together a set of cutting edge technologies and brilliant individuals to see if they could solve one of the fundamental problems of modern cybersecurity. To build an infrastructure that could scale beyond our expectations, to secure our identities, to simplify the process of proving and assuring that we were who we said we were. Out of a single conversation came the building blocks of the FIDO Alliance and the core protocols of an emerging industry standard.

5 years ago, Ramesh Kesanupalli had a series of discussions on how biometrics might be used for identification rather than passwords. Their conversation led six companies – Nok Nok Labs, PayPal, Lenovo, Infineon, Validity, and Agnitio – to found what has become an industry spanning organization counting among its board members Google, Microsoft, Amazon, MasterCard, Visa, American Express, Qualcomm and many more.

This week we saw another grand success of this vision – the National Institute of Standards and Technology (NIST) identifying FIDO-based authentication as a recommendation in their Roadmap to securing the critical infrastructure of the United States.

On Tuesday, December 5th, NIST published an update to their National Cybersecurity Framework and Roadmap. In it they specifically mention how new protocols – calling out the ones developed at Nok Nok Labs for the FIDO Alliance and W3C – will bring easy-to-use and cost-effective multi-factor authentication to the consumer masses. This follows the Treasury Secretary Steve Mnuchin hailing the FIDO standards as a “great innovation” and “key to enabling financial inclusion”.

Inclusion in the NIST Roadmap is more than a simple gold star or participation trophy – due to Executive Order 13800 issued in May of 2017, adherence to the NIST Framework is mandatory for federal agencies and requires agency heads to provide a risk management report to the White House. Such reports will rely heavily on the NIST Roadmap to plan their adoption of the Cybersecurity Framework. Once only contemplated as governing operators and owners of critical infrastructure – such as power grids and governmental communication – the NIST Cybersecurity Framework is now considered by the IT security professionals in the United States as the gold standard for industry best practices.

In 5 short years, the idea that was to become FIDO has gone from the proverbial napkin drawing to being made available to over a billion people and being used by tens of millions on a daily basis to secure their identity and authenticate to their most trusted services. Ramesh and those supporting his vision, such as Nok Nok Labs CEO Phillip Dunkelberger and the team here at Nok Nok Labs, have been part of an incredible journey – seeing the seed of a simple idea become a “best practice” endorsed by experts around the world and relied on by millions.