Google joins FIDO's crusade to replace passwords

A group of tech companies looking to replace passwords for online identity authentication gained a powerful ally Tuesday in the form of Google.

The consortium, called the Fast IDentity Online Alliance (FIDO), is working to develop standards-based alternatives for verifying a user's identity when trying to login to Web sites and online accounts. Formed in 2012, the group proposes specifications that will support a variety of authentication technologies, including biometrics such as fingerprint scanners and voice and facial recognition, as well as security tokens, near field communication, and one-time passwords.

The Web giant joins founding members Lenovo, PayPal, Nok Nok Labs, and Validity on the board, as well as chipmaker NXP and input device maker CrucialTec, which also joined the board Tuesday.

"Joining the FIDO Alliance is a great way to increase industry momentum around open standards for strong authentication," Sam Srinivas, who leads information security efforts for Google, said in a statement. "We look forward to continuing our current development work on strong, universal second-factor tokens as part of a new FIDO Alliance working group."

Google has already made a significant foray into this arena with two-step verification, which combines something the user knows (a password) with something the user has (a single-use code, sent to a smartphone connected to the account). In January, key security officers at Google published a paper that said, "It's time to give up on elaborate password rules and look for something better."

Despite the vulnerability presented by weak passwords, many Internet users continue to put their security at risk by using common words or number sequences that are easily guessable. For the past two years, the three most popular passwords were "password," "123456," and "12345678," according to a report released late last year.