FIDO Provides Security Without Passwords
Written by Sue Gee   
Wednesday, 11 May 2022

Apple, Google, and Microsoft have jointly announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.


The FIDO ("Fast IDentity Online") Alliance was launched in 2013. It is an open industry association whose stated mission is to develop and promote authentication standards to:

"help reduce the world’s over-reliance on passwords" 

We last reported on FIDO in 2019, when WebAuthn became an official web standard; see W3C Declares WebAuthn Official. WebAuthn is a browser and platform standard for simpler and stronger authentication, built on FIDO2 cryptographic login credentials that are unique across every website.

You would think that, with so much at stake when it comes to personal data, including access to bank accounts, and given the number of high-profile incidents of stolen or compromised passwords - 80% of all corporate data breaches are attributed to stolen or weak passwords - we would all have started to take passwords seriously. Not so: research done by USwitch for World Password Day, which falls on the first Thursday in May, revealed these shocking statistics for UK broadband users:

  • Almost half (48%) of those surveyed use the same password across multiple platforms.
  • More than a quarter (26%) don't change their passwords regularly.
  • A quarter (25%) write their passwords down on paper.
  • Nearly a fifth (19%) of men use the word ‘password’ in their password.
  • Nearly a third (30%) include their birth year.
  • More than a third (39%) incorporate their pet's name.


We are all aware of the problems of passwords: bad ones are easy to guess, strong ones are hard to remember, and all passwords can be stolen by phishing attacks. So news from FIDO that progress is being made towards a password-less sign-in technology has to be good.

For World Password Day, May 5, 2022, FIDO announced a joint effort by Apple, Google and Microsoft to expand support for the authentication standard created by the FIDO Alliance and the World Wide Web Consortium. Explaining the rationale, FIDO states:

Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.

FIDO's video explains its "passkey" approach which relies on the use of a mobile phone which has either biometric or passcode authentication and can be used across all devices:

How this will work in practice is summarized in this graphic:


So if you are a Google user you can expect to see a prompt inviting you to set up the device of your choice - although a poll of our workplace revealed that 100% of us had already set it up!


As long as you are in the habit of having your phone to hand (who doesn't?), this simple additional step provides a level of security that is welcome and is a step along the road to eliminating passwords.


More Information

Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins

FIDO2 on FIDO Website

WebAuthn On W3C Website

Developer resources on FIDO Website

Related Articles

W3C Declares WebAuthn Official

Firefox 60 Supports WebAuthn

The Ultimate Guide to Password Safety

Fluid Passwords - Never The Same Password

25 GPUs Crack Passwords In Minutes

 


Last Updated ( Wednesday, 11 May 2022 )