eBay joins FIDO to lead security standards

FIDO AllianceeBay have announced their membership of the Fast IDentity Online Alliance (FIDO). They are the the first e-commerce company to directly achieve FIDO certification, and the first to launch a FIDO Universal Authentication Framework (UAF) server.

The FIDO Alliance works to improve to securely authenticate users of online services with alternatives to passwords built on open standards. eBay users today expect to log in from multiple locations on a variety of devices and it’s eBay’s task to make sure that consumers aren’t bothered with complicated passwords but can log on easily and quickly, but still securely.

Previously they had FIDO Alliance membership through their PayPal operations, but they lost this when PayPal was spun off last year. PayPal was a founding member of the FIDO Alliance.

FIDO UAF User FlowPayPal have enabled users to log into mobile devices with fingerprint recognition on Apple and Android handsets that support fingerprint scanning. We can expect eBay to roll out similar biometric log ins in the future.

The problem remains however that if you forget your finger you can still log in with a good old email address and password or mobile phone number and PIN, so there are plenty of ways for hackers to try and bypass the additional security, although social engineering still remains one of the easiest ways to hack an account.

Brett McDowell, executive director of the FIDO Alliance welcomed eBay saying “By joining the Alliance and launching its open source implementations, eBay is showing clear innovation leadership as it positions web and mobile commerce globally for broad-scale deployment of industry standard FIDO authentication“.