FIDO Alliance looks to create standards for internet of things devices

It set the standard for online authentication. Now the alliance wants to do the same for all the connected gadgets in our lives.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read

The FIDO Alliance has created a working group to develop security standards for IoT devices.

James Martin/CNET

The average American owns about eight connected devices, and by 2022 that's expected to rise to about 13 devices. None of these gadgets adheres to any kind of security standards, a problem that's troubled lawmakers and security experts for years.

The FIDO Alliance is hoping to solve that before internet of things devices boom in popularity -- the market is expected to reach 20.4 billion gadgets by 2020. The group sets security standards for online authentication, and on Wednesday, announced that it's expanding to develop security standards for IoT devices. 

This is the first time the FIDO Alliance has moved beyond setting standards for authentication online, choosing to tackle this growing cybersecurity problem.

"The IoT space is particularly fragmented, and there's a need to standardize that," said Andrew Shikiar, the FIDO Alliance's executive director. 

IoT devices are notorious for poor security, as they often come with hard-coded default passwords, or they fail to install important updates. Hackers have been able to take control of hordes of connected devices and use them for botnets in cyberattacks. Families have also suffered from IoT security weaknesses, like when hackers remotely hijacked Nest Cams to blare out false alarms.

Watch this: Smart tech to protect your home and save on insurance

Part of the issue is that the device makers don't need to adhere to any standards for security. Energy Star certifies only products that meet energy efficiency standards. In the same vein, IoT devices could come with a similar label in the future.

"We do intend that the FIDO mark will resonate and be of importance to consumers in the near future," Shikiar said.

The FIDO Alliance started in 2012 and helped establish standards for online verification and security without passwords. Its certification has become a mark of trust that companies like Google, Facebook and Microsoft rely on as a security measure. The goal of the FIDO Alliance's new IoT Technical Working Group is to do the same for connected gadgets.

Members of the group include Intel, Microsoft, Yubico, Qualcomm and Lenovo. They'll be looking to take on IoT issues like default passwords and manual updates for devices. 

The challenge will be coming up with a strong security standard that doesn't make the IoT devices too difficult to use for the average person, said Lorie Wigle, Intel's vice president of Platform Security. 

It won't work exactly like the Energy Star program, but Wigle said providing a standard would at least give customers peace of mind that the IoT products they're buying have some semblance of security.

"We struggle a lot with the idea of what could be good enough to earn a label," Wigle said. "The beauty of this is, if we have a standard protocol, we could say the device at least conforms to that."

16 smart thermostats to regulate your home's heat and AC

See all photos