News & Rumors

New malware exploits USB, but isn't really that scary

Special Coverage

Hands-on with Secusmart voice encryption

News & Rumors

BlackBerry acquires mobile security company Secusmart

News & Rumors

Blackphone fires back: 'BlackBerry betrayed its customers and jettisoned its credibility'

News & Rumors

BlackBerry discusses Blackphone and why its consumer-grade privacy is inadequate for businesses

News & Rumors

UK government set to rush through emergency surveillance legislation

News & Rumors

UK officials follow US counterparts by banning electronics with no charge from boarding flights

Editorial

Using strong passwords and keeping your online self secure

News & Rumors

First smartphone 'kill switch' bill in the US passed by… Minnesota

News & Rumors

BlackBerry kicks off security-focused Be Mobile Conference

News & Rumors

Bitly alerts users of widespread account compromises, claims no accounts have been accessed

Enterprise

BlackBerry earns two Govie Awards for outstanding security

Enterprise

BlackBerry CEO says Good is not good enough when it comes to security

BlackBerry Apps

BlackBerry tightens up on app security with BlackBerry Guardian and Trend Micro

Enterprise

BlackBerry issues statement on Air Force switch: 'There is nothing more secure than a BlackBerry'

Editorial

Despite growing security concerns, President Barack Obama stills trusts his BlackBerry

BlackBerry Apps

Your WhatsApp conversations may not be as safe as you think

Enterprise

BlackBerry 10 Receives NATO Approval for Restricted Communications

BlackBerry OS

Report claims NSA can access data on BlackBerry, Android and iOS devices

BlackBerry Apps

RSA SecurID Software Token for BlackBerry 10 now available

< >

BlackBerry joins Fido Alliance to support passwordless authentication

By Simon Sage on 5 Sep 2013 08:07 am EDT
4
loading...
24
loading...
56
loading...

BlackBerry announced their membership into a new association today called the Fido Alliance. These guys are pushing a two-factor authentication standard in order to reduce our reliance on passwords. These systems range from biometrics (like fingerprint scanning), location awareness, NFC tokens, one-time passwords and, most importantly, embedded hardware. Though BBM, Protect, and BlackBerry World are mentioned in the press release, the end user experience for BBID isn't going to change any in the immediate future, but it's easy to imagine this technology enabling BlackBerry devices to become security tokens in their own right for two-factor authentication.

For example, you could set your PayPal account so that it could only authenticate transfers made from your BlackBerry since it has a unique and certified identity. Alternatively, you could set it so that with an additional PIN number punched in on the device, you could open doors with electronic locks, or start your car. 

Security is BlackBerry's wheelhouse, so the partnership isn't entirely out of left field, but Fido is a relatively new organization formed just last summer and officially launched this February. As you can imagine, it doesn't seem like there's a whole lot of interoperability right now, but BlackBerry is the 40th. member in the alliance and will take a seat as a board member. They're joining PayPal, Lenovo, Google and NXP, just to name a few of the folks in the working groups.

It seems like the Fido Alliance will bear some productive fruit down the road, in any case - does anyone want to take a guess as to how they'll all work together? What kind of authentication mechanisms would you like to see integrated on BlackBerry?

Reader comments

BlackBerry joins Fido Alliance to support passwordless authentication

52 Comments

I've been pretty annoyed that BBID does not offer 2-part authentication. I'm using that for every account I have where it's offered. Although PayPal currently does it in a stupid way.

Sounds cool but, will BlackBerry still be here. As much as I'm pro BlackBerry, love my z10, I'm starting to wonder what is going to happen.

Posted via CB10

Geez this is getting annoying. can we please wait and see what happen? We have barked this company prematurely too many times before and THEY ARE STILL THERE! So just relax and see what happen. Anyway you, as user will not see any difference in the soon no matter what happen to the company.

Posted via CB10

He's just voicing what we're all thinking. I agree it's still there. But the thought won't go away :(

We are not all thinking that, we are all thinking why some people are actually thinking that.

Sent from my iPuh-lease-as-IF

Funny how everyone says BlackBerry is dead, yet they sign up for this alliance. How does that even make sense. Panasonic and Garmin just inked deals with QNX which in turn is owned by BlackBerry. Just doesn't make sense that these huge companies would make deals with a dead entity. I think it's the medias last attempt to crush BlackBerry prior to BlackBerry announcing something big and positive.

BlackBerry will survive in the Corporate and Government Sectors! My Z10 is so much better than an iphone!

Since BB hardware has a CPU based key, I'd like to see certificate based authentication where the certs are encrypted by a key kept in a vault which is then encrypted by the hardware key on my phone. The reason to do it that way is so you can, if you choose, keep the Fido authentication certificates decryption key on an offline, encrypted thumb drive. This would allow you to unlock those accounts in the case of a lost or damaged phone.

Right now I use Authomator (https://appworld.blackberry.com/webstore/content/22517879) on my Z10 to generate the codes for the 2-part authentication. This is not a bad way but it could be more convenient without compromising security.

Since I'm new to what differs the hardware identity in BB10 devices compared to iOS or Android based ones...

Is the "CPU based key" mentioned an identifier for the device or a security key that can be used for signing and/or encryption and in any case is it unique to BB hardware or are there other devices with the same capabilities?

Thanks in advance :0)

/Jorgen

Interesting news and a needed focus to protect consumers from each other.

Will they have a section that will focus on protecting the consumer from corporations who spy and disrespect the right to privacy?

My personal information, habits and behavior are private but not fully protected. I still want full control of my right to privacy .

Ricocan

As long as we continue to use cloud based email and other communication services (Gmail and Outlook.com for example), we have no expectation of privacy. Those companies offer these services to us for free in exchange for information about our habits, activities, contacts, etc..

I am pretty sure BB10 using SSL to a mail server I run (where I compile the OS and mail server code myself) would be pretty safe. Although I am concerned about what reporting code AMD and Intel may have in their chipsets. That is, it may not be possible to purchase a trusted hardware platform.

Of course even if you could keep information between your own systems protected, as soon as you send content to someone else, it should be considered public knowledge.

Great to see that BlackBerry is operating with an eye on the future.

Go BlackBerry!

Posted one-handed via BlackBerry Z10

I will say this once again, BlackBerry is here and kicking.
BBRY all the way hands down and this news proves BlackBerry means business.

BlackBerry's future is most defiantly uncertain. However, like any company, they will continue business as usual until told to stop.

With their new devices and so many things coming down the pipe line I still don't understand stand why they would even consider selling. Is it just corporate greed? Live for the moment, get the company on their feet then kick the chair out from under, make as much money as possible then leave? I wish Mike Lazaridis and Jim Balsillie was back in the drivers seat. I don't trust Thorsten Heins anymore.

Posted via CB10

BlackBerry seems to be advancing faster than I can ever remember; with frequent OS rollouts with substantial improvements, changes to BB World, BBM Channels, cross-platform BBM, the upcoming Z30, joining the Qi standard and now the Fido Alliance. Then you have talk of them pushing to wrap up a sale by November. Either they're full-steam ahead to build momentum for a sale and increase the share price, they already know who they'll be creating a strategic partnership with and are looking to make it as enticing as possible, or they already know for sure someone will take them private, and that someone wants to continue down the path that Thorsten laid out a couple of months ago. It will be VERY interesting to see what happens in the next few months. Regardless, the product is better than it's ever been, and improving faster than I can ever remember.

I agree that they are moving at a good pace. I hope they can maintain this pace indefinitely.

I believe that they will be taken private and that is why we seem so many improvements moving forward. If they were really in that bad of shape people wouldn't be signing on for partnerships with them at the rapid pace we have seen.

Posted via CB10

I agree, that's why the speculation on the business end is so jarring, they're not acting like a company boarding up the windows, quite the opposite actually.

Thanks Mav! We have to put the pieces together for Kevin, Blaze and company for they have lost hope. I am sorry, I just see great positives with BB10. I can see how the constant trolling, and financially backed media bashing has taken its toll.. but slowly this BB10 platform is getting in the hands of the consumer 1 by 1 and it is slick. Time will win hearts.

BlackBerry will survive in the Corporate and Government Sectors! My Z10 is so much better than an iphone!

Biometrics should hold hold everything, and should be transferable to new devices. Once the biometric readings are transferred, the phone becomes the customers and return policies are a thing of the past.....fircing customers to find out how to use their device, mwahahahaha

Posted via CB10

Business as usual. That's great news and worth sharing, just goes to show the towel has not been thrown in yet. Keep moving BlackBerry. It's the secure element of BlackBerry that has always made me stick with them, sadly there is a very large section that don't seem to give a damn or at least happy to stick heads in the sand. I've often wondered if BlackBerry marketing should make more of this side of things and not just for businesses.

Posted from my Z10 with CB10

I am optimistic that because the OS is so superior someone will back/partner with BB and they will survive and then prosper. If the general public and then developers can just find this OS it will take off

For the average consumer security does not rank as an issue. Security only becomes a concern to them when it's too late! What can you do!?

BlackBerry will survive in the Corporate and Government Sectors! My Z10 is so much better than an iphone!

Yes agree, this is why its worth trying to make them aware but instead of just scare tactics with all doom and gloom, throw the user a rope in the guise of BlackBerry :)
My experience with end users has always been to go for the subtle approach, "Oh you don't use a password, I guess that's fine if you don't use it for facebook, twitter, taking personal photo's etc..." most times this tends to work, although interestingly I have found its the BlackBerry users that more often than not have a password set.

Folks, BlackBerry isn't going anywhere anytime soon! I work for a Fortune 500 and we're currently running a BlackBerry 10 POC. Everyone is impressed, even the top dogs...if they do get sold, their MDM and NOC solution will survive, too many corporations rely on tight security. Name me one MDM solution that can give BlackBerry a run for its money ??? No one wants to deploy Android due to security concerns and the iPhone is too expensive, their OS is also stale...Apple is not as popular as it once was...i would wait for full disclosure of BlackBerry's plans before jumping the gun and asking the 'what ifs'!

Posted via CB10

BlackBerry 10 sales have been disappointing but they shouldn't rush a sell. See how cross bbm does, see how the Z30 does, do better advertisement and there's actual rumour about instagram coming to 10.2

Posted via CB10

Why on earth would I trade the paltry sum a well-used Z10 would command in exchange for not getting to use it anymore?

Posted via CB10

Hmm interesting I think this was the workplace endpoint solutions Thorstein was talking about about how the BlackBerry 10 devices would be used to replace work key fobs.

CB10- BlackBerry Z10 - 10.2.0.1047

A wifi and luetooth enabled authentication by proximity to my laptop unlocking it when I leave the phone at 0,5meters distance and locking it if out of reach would be great!

Aprt from that the logic for office doors ans login in the building would be great!

Another great possibility would be in order to use oracle systems and sap, replacing certificates by using the unique BlackBerry id of my device and making this transferable to my laptop or terminal through phone log in as described in the beggining would make it possible to access applications on server either from the phone or from my laptop without setup of certificates on each device.

This way the it admin can just set up by BlackBerry id and this would be the key for seamless integration of security authentication for everything without hassles. In case the phone gets misplaced the I'd is blocked by the admin and all is good!!

I can keep on and on with this, from car key replacement to atm use and more... the possibilities seem endless... great stuff!

Although BlackBerry is getting sold, this is maybe an indication of what the future "BlackBerry" is all about and a "mobile computing" materialization example to me...! nice one!

"Hey that is my Q... 10... via CB10

For anyone who was as confused as I:

"The FIDO (Fast IDentity Online) Alliance, an industry consortium revolutionizing online authentication with the first standards-based specifications, today announced that BlackBerry® (BBRY)(BB.TO) has joined the Alliance and been appointed to the Board of Directors."

That is, FIDO has no relation to Fido the Canadian carrier.

To answer the question, NFC apps for point of sale use makes sense to me. It is one step closer to a BlackBerry wallet.

It also plays to BlackBerry 's strengths. The important thing will be the back-end (bank/money transfer) security. If someone can get into the system by stealing one's phone identity the result would be disastrous.

Posted via CB10

I'd really like to see phones be used in payment systems in this manner soon. It would be so convenient. Also, as that system of payment becomes more prevalent, it would really give BlackBerry a chance to shine as an unmatched secure mobile payment device.

Posted while peeking and flowing on my incredible BBQ10!

A colleague had a Leno laptop that would do facial recognition. Do that from the z10 and couple that with the NFC to replace keys (house, car, work, etc). Add an NFC receiver to your laptop you can lay you phone on to enter your passwords, or plug in using the use port.

That is what I would like to see.

Posted via CB10

If BlackBerry is planning on selling their company (just read Kevin's previous post) , why would they start taking initiatives like this now?

Posted via CB10 on my Z10