|FIDO Provides Security Without Passwords|
|Written by Sue Gee|
|Wednesday, 11 May 2022|
Apple, Google, and Microsoft have jointly announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.
The FIDO ("Fast IDentity Online") Alliance was launched in 2013. It is an open industry association whose stated mission is to develop and promote authentication standards to:
"help reduce the world’s over-reliance on passwords"
We last reported on FIDO in 2019 when WebAuthn, a browser and platform standard for simpler and stronger authentication built on FIDO2 cryptographic login credentials which are unique across every website, became an official web standard, see W3C Declares WebAuthn Official.
You would think that with so much at stake when it comes to personal data, including access to bank accounts, and the number of high-profile incidents of stolen or compromised passwords - 80% of all corporate data breaches are attributed to stolen or weak passwords - we would all have started to take passwords seriously. Not so, research done by USwitch for World Password Day, which falls onthe first Thursday in May revealed these shocking statistics for UK broadband users:
We are all aware of the problems of passwords: bad ones are easy to guess, strong ones are hard to remember and all passwords can be stolen by phishing attacks. So news from FIDO that progress in being made towards a password-less sign-in technology has to be good.
For World Password Day, May 5, 2022, FIDO announced a joint effort by Apple,Google and Microsoft to expand support for the authenication standard created by the FIDO Alliance and the World Wide Web Consortium. Explaining the rationale, FIDO states:
Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.
FIDO's video explains its "passkey" approach which relies on the use of a mobile phone which has either biometric or passcode authentication and can be used across all devices:
How this will work in practice is summarized in this graphic:
So if you are a Google user you can expect to see a prompt inviting you to set up the device of your choice - although a poll of our workplace revealed that 100% of us had already set it up!
As long as you are in the habit of having your phone to hand, (who doesn't?) this simple additional step provides a level of security that is welcome and is a step along the road to eliminating passwords.
or email your comment to: email@example.com
|Last Updated ( Wednesday, 11 May 2022 )|