Over the next five years, the UK government will invest heavily in cybersecurity, including new authentication methods such as Fast IDentity Online (FIDO).
The UK government recently announced, as part of its new National Cyber Security Strategy, that it will be investing £1.9 billion ($2.3 billion) in cybersecurity efforts through 2021. The UK National Cyber Security Strategy is an 84-page plan that details how the government will go about defending cyberspace, deterring adversaries, and developing new security capabilities.
Part of that defense strategy includes better securing online accounts for UK consumers. Like many other entities, the UK government is examining authentication methods that move beyond traditional passwords.
As per the strategy, the UK government will "invest in technologies like Trusted Platform Modules (TPM) and emerging industry standards such as Fast IDentity Online (FIDO), which do not rely on passwords for user authentication, but use the machine and other devices in the user's possession to authenticate. The Government will test innovative authentication mechanisms to demonstrate what they can offer, both in terms of security and overall user experience."
FIDO authentication is not one method of authenticating a user, but rather a focus on non-password methods that could involve technologies like Bluetooth, NFC, biometrics, or voice recognition. The FIDO Alliance exists to help develop specifications and certify interoperable products.
For a long time, tech industry analysts and insiders have urged companies to move past passwords as a means of securing their products and businesses. Back in 2005, then-Gartner analyst Ant Allan said that "passwords are no longer adequate as threats against them increase." At the time of this writing, that was more than 11 years ago.
Many high profile hacks have occurred recently, further highlighting the security problem with traditional passwords. A press release from the FIDO Alliance points out a Fortune article on Facebook CEO Mark Zuckerberg's password woes in the summer of 2016.
In addition to the newer authentication methods potentially providing improved security, the FIDO press release claims that they could improve the user experience as well. The reasons cited by the release were that these newer methods are easier to use than remembering a password and they are "secure by default."
"Users should no longer need to type in a one-time code and/or deal with extra screens; rather, modern authentication can leverage increasingly-available devices being shipped with built-in FIDO 'single gesture, multi-factor' authentication technology, e.g., swipe a fingerprint, take a selfie, touch a security key," the release said.
Currently, the UK government is a FIDO Alliance member and its GOV.UK Verify program supports FIDO authentication, the press release said.
The recent initiatives from the UK will build on its 2011 strategy and includes additional focuses on cybersecurity education, cybersecurity in the military, and building out cybersecurity centers to develop new products and services.
"Our vision for 2021 is that the UK is secure and resilient to cyber threats, prosperous and confident in the digital world," the report said.
You can read the full National Cyber Security Strategy for 2016-2021 here.
The 3 big takeaways for TechRepublic readers
- The UK government will invest $2.3 billion in cybersecurity over the next five years, including investments in authentication and cybersecurity education.
- The new investments are detailed in an 84-page report called the National Cyber Security Strategy, which explains how the government will build on its initiatives from 2011.
- The FIDO Alliance supports the new plans, and said that non-traditional authentication is easier and provides a better user experience.
- Good-bye weak passwords, hello GOTPass graphical authentication (TechRepublic)
- Authentication is multi-headed beast for purging passwords (ZDNet)
- Your password is weak. Adaptive authentication can offer some armor. (TechRepublic)
- Using SMS for two-factor authentication? It might be time to think again (ZDNet)
- How to set up passwordless authentication for MySQL (TechRepublic)