Passwords are a regular area of frustration for many folks. Just keeping track of your passwords is a challenge for many individuals. Many turn to keychain apps in an effort to simplify life, but even with a keychain, password resets are a common occurrence. Then you’re tasked with coming up with a new password that you’ve not used previously — something you will never remember — which leads to a repeating cycle of password resets down the road.
Biometric authentication methods such as facial recognition and fingerprint scans have improved the password situation somewhat. But in a world with COVID, many find that facial scans are challenging because face masks interfere with the scans (a recent iPhone operating system update claims to have solved this problem, although in practice the feature remains a bit glitchy and inconsistent).
And don’t forget all of those password leaks, with cybercriminals hacking into databases and snatching up passwords for all sorts of nefarious purposes.
Enter: the FIDO Alliance, a group dedicated to ridding the world of passwords in favor of more convenient and secure authentication. In fact, the acronym in the organization’s name says it all: FIDO = Fast IDentity Online. Could we really be moving toward a world that’s free of passwords? It may sound too good to be true but the reality is that changes in this direction are already underway.
What is the FIDO Alliance and FIDO Authentication?
The FIDO Alliance is leading the charge when it comes to eliminating passwords, as the group has developed protocols that are designed to protect user privacy, while offering exceptional security. In fact, their tagline explains the group’s mission rather succinctly: “Simpler, stronger authentication.”
How does FIDO work, exactly? The technology — touted as a highly-secure and user-friendly alternative to the traditional password — is described on the FIDO Alliance website as follows:
The FIDO protocols use standard public key cryptography techniques to provide stronger authentication. During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a user–friendly and secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second–factor device or pressing a button.
This innovative approach to authentication has prompted a movement that seeks to abolish passwords as we know them — a prospect that is quite appealing to many individuals who routinely struggle to keep track of those pesky, impossible-to-recall combinations of letters, numbers and symbols. What’s more, passwords represent a great point of vulnerability since they are so frequently targeted by hackers, cybercriminals and even identity thieves.
“Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products… This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication,” explained FIDO Alliance CMO and executive director Andrew Shikiar in an interview with Apple.com. He added that the adoption of password-free technology is “the type of forward-leaning thinking that will ultimately keep the American people safer online.”
Tech Industry Heavyweights Call to Get Rid of Passwords, Supporting the FIDO Alliance
We are now seeing industry heavyweights such as Microsoft, Apple and Google placing their support behind the FIDO Alliance and its authentication alternative to the classic password. If these tech giants have their way, we could soon live in a world where security breaches and account take-overs are largely a thing of the past. That’s a prospect that could help companies avoid millions of dollars in losses, while also creating a scenario where individuals no longer need to keep notebooks filled with passwords that are summarily scratched out when a new password reset is inevitably required.
The latest to join the movement is Microsoft, which took the opportunity to announce its support on World Password Day 2022 — rather clever timing for the declaration. On this date, Microsoft announced its intentions to shift to password-free authentication on its various platforms. This means that users can soon go password-free on a wide array of devices including Windows, iOS and Android mobile devices, along with browser platforms such as Chrome, Safari and Edge.
The World Wide Web Consortium — better known as the W3C — has also started backing the movement toward alternative forms of authentication. The organization has developed the current “password-less standard” in conjunction with the FIDO Alliance.
Microsoft cited phishing and data theft involving passwords as the primary reasons for its support of the more secure FIDO authentication credentials, which can actually be used on multiple devices, thereby solving the issue of having dozens of unique passwords. They argue that the so-called “passkeys” would allow for a shift away from the more vulnerable password, with authentication credentials involving something such as a PIN, a facial scan or other biometrics such as a fingerprint.
In a recent online post, a Microsoft spokesperson wrote: “Passkeys are a safer, faster, easier replacement for your password. With passkeys, you can sign in to any supported website or application by simply verifying your face, fingerprint or using a device PIN.”
As with any new technology, user adoption is always a major hurdle. Let’s face it: people are resistant to change, especially when it involves something sensitive such as a password. But this is an issue that industry front-runners have already addressed. Microsoft Corporate Vice President of Identity Program Management Alex Simons told Apple.com that “The complete shift to a password-less world will begin with consumers making it a natural part of their lives. Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today… By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords. We see a bright future for FIDO-based credentials in both consumer and enterprise scenarios and will continue to build support across Microsoft apps and services.”
FIDO Authentication Standard is Continually Expanded
Recent weeks have also seen an expansion in the realm of password-less standard support. Today, a large portion of devices and all popular browsers are capable of supporting FIDO authentication protocols thanks to support from Google, Apple and Microsoft, among others. Until recently, users had to sign in to each platform or device before they were capable of using the password-free FIDO protocols. But as of early May 2022, users have two new options that have made the sign-in process far more secure and streamlined.
- Users can leverage FIDO authentication on a mobile device to sign in on a device or web browser, regardless of operating system or browser type.
- Users can automatically access FIDO passkeys without the need to re-enroll on each individual account. This is even true on new devices.
These two updates should provide a better user experience, while the standards-based approach empowers service providers to offer FIDO’s password-free credentials to users as an option for account recovery and as an alternative login method.
Many Google, Apple and Microsoft platforms already accommodate the password-free FIDO technology and it is expected that additional rollouts will occur throughout 2022.
Would You Use FIDO Password-Free Technology in Your Next Mobile App?
If you’re ready to build a new mobile app or enterprise software platform, you will want to consider the use of FIDO authentication, effectively allowing users to log in securely and conveniently without the use of a traditional password. At 7T, we are always looking for new ways to integrate new, emerging technologies in our mobile app and software solutions and this includes the use of password-free FIDO credentials.
At 7T, our development team works with company leaders who are seeking to solve problems and drive ROI through digital transformation. As an innovative Dallas software and mobile app development company, 7T offers collaborative, multi-phased software development services to clients in all business sectors.
Our offices are situated in Dallas, Houston and Austin, but our clientele spans the globe. If you’re ready to learn more about developing enterprise software, a mobile app or another solution for your organization, contact 7T today.