The industry organization, formed to develop technology standards for online verification of identity, on Tuesday announced the formation of its Strong Authentication Expert Group. Members of the group include American Express, Axalto, Hewlett-Packard, Oracle, RSA Security and VeriSign. Other Liberty Alliance members are also eligible to join.
"By forming the Strong Authentication Expert Group, Liberty is committing to rapidly deliver well-defined and highly deployable solutions to help organizations meet new and pressing requirements for stronger authentication," Timo Skytta, vice president of the Liberty Alliance, said in a statement. The group is working to encourage the adoption of strong authentication technology for Internet interactions and transactions.
Passwords have long been seen as a. Internet users are targeted by a plethora of scams designed to steal their passwords. Strong authentication adds another check to verify the identity of a user. The second check could be a hardware or software token, a smart card, a .
The Strong Authentication Expert Group will work on a specification dubbed the Identity Strong Authentication Framework, or ID-SAFE, the Liberty Alliance said. The first version of the specification should be ready sometime next year, the group said.
The announcement comes one month after the U.S. Federal Financial Institutions Examination Council said passwords alone are insufficient to protect online access to a bank account. The council has called for a deadline of the end of 2006 for banks to implement multifactor authentication to determine the identity of customers using online services.
The Liberty Alliance effort is backed by others in the industry, including the Smart Card Alliance.
"The smart card industry shares the view by Liberty Alliance that interoperability of strong authentication products are needed in the marketplace," said Randy Vanderhoof, executive director of the Smart Card Alliance.
Vanderhoof, quick to note that interoperability work should not discourage buyers today, said: "The challenge is to do it such a way that provides vendors a migration path towards interoperability, yet encourages interim solutions to reach the market for customers who do not require full interoperability up front."