Security Experts:

Japan's Largest Mobile Provider to Ditch Passwords

Japan's largest mobile service provider, NTT DoCoMo, said it would replace passwords with biometric credentials on a number of its online services, in a step to move users closer to a password-free world.

Starting Wednesday, NTT DoCoMo customers with smartphones capable of handling biometric authentication will be able to access several online services using iris recognition or fingerprint authentication, the company said. The company offers four smartphones with biometric authentication, including the Galaxy S6 Edge SC-04G, Galaxy S6 SC-05G, Arrows NX F-04G and Aquos Zeta SH-03G. The Arrows NX F-04G has an iris scanner which can authenticate the user.

NTT DoCoMo will support biometric authentication based on protocols developed by the FIDO Alliance, a consortium of technology companies and financial services firms trying to strengthen authentication by creating protocols and standards which don't rely on passwords. The protocols rely on the combination of hardware, software, and services, and are designed to be interoperable across different networks and devices.

“DoCoMo expects to become the world’s first mobile operator to integrate online services with smartphones capable of FIDO-enabled multiple biometric authentication,” DoCoMo said in a statement.

NTT DoCoMo also joined the board of directors for the FIDO Alliance, which was formed July 2012 and publicly launched in February of 2013.

The mobile carrier has been working to integrate FIDO-compatible biometric authentication technologies in its smartphones since last year, Seiji Maruyama, managing director of products at NTT DoCoMo, said in a statement.

Services such as d book, d game, d music, d delivery, and Pet Insurance will use iris recognition or fingerprint authentication to give users access and to process payments. DoCoMo will enable its carrier billing system enabled by FIDO authentication. This is particularly significant because DoCoMo, as Japan's largest mobile carrier, has 65 million subscribers.

The announcement benefits both users and app developers, Rajiv Dholakia, vice-president of products at Nok Nok Labs, told SecurityWeek. Users get simpler authentication, such as fingerprint and iris scanning, instead of having to remember secure passphrases or deal with the inconvenience of having to enter complex passwords on a mobile keyboard. Developers benefit because they just have to focus on a single interface when writing code to support different devices.

"Touch ID has shown that once consumers get comfortable with these modalities, then they expect to be able to use them across their different mobile applications," Dholakia said.

Along with rolling out first federated identity system to integrate FIDO authentication and mobile services ecoysystem, DoCoMo plans to work with outside partners and third-party service providers to integrate FIDO-enabled technologies. For this initial announcement, the mobile carrier worked with Nok Nok Labs, Qualcomm, Samsung, Sharp, and Fujitsu.

"In this context you can think of NTT DOCOMO as a developer, just one with 65 million subscribers offering a broad range of services," Dholakia said, noting, "The same benefits still apply."

Dholakia called the announcement a "win for the whole ecosystem," as DoCoMo's adoption of the FIDO standard will encourage manufacturers who offer devices for the mobile carrier to support the integrate more FIDO-compatible authentication technologies on their hardware.

With more devices supporting the protocols, developers and online services will be more likely to write applications actually taking advantage of the technologies. The sheer size of DoCoMo's user base will help with the momentum because there is a FIDO-enabled ecosystem already in place. There will be "a virtuous cycle," Dholakia said.

view counter
Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.