Passwords are currently a critical part of any cybersecurity effort. But, they’ve always been problematic.
In and of themselves passwords can be security risks. Even when they are long and complicated, they can often be broken by sophisticated hacking attacks. They depend on the user to maintain securely whether through personal efforts or third-party applications. Their very existence as a doorway into your devices and systems, means they need to be protected and can be exploited.
Passwords are also not entirely user friendly. They’re difficult to remember and use and that often leads to lazy and therefore vulnerable practices.
So why not just do away with passwords altogether and use other methods to gain access to your computer systems and data? That’s where the FIDO Alliance comes in.
The FIDO Alliance is an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that “help reduce the world’s over-reliance on passwords”. They envision a passwordless future that utilizes their FIDO standard. And that future just might be closer than you think.
Apple, Microsoft, and Google are all currently collaborating on standards that can bring about a true escape from dependance on passwords.
The FIDO standard turns your local device (such as your phone or a USB key) into a tool to sign in with or to access multi-factor authentication. When you utilize the FIDO standard, you can only unlock your device when you scan a fingerprint, enter a PIN on your phone, or enter the multi-factor authentication code.
The feeling is a hacker can steal your password from anywhere with a phishing email, for example. But, because FIDO works locally, chances are pretty remote they’ll ever have possession of your phone. FICO effectively replaces passwords with an alternate method of access that, in theory, should be much more secure. It also eliminates the need to manage, memorize, and store those multitudes of different passwords you’re using.
Currently, FIDO isn’t quite ready to go mainstream. The FIDO standard is not widely supported at the software level. It’s also hard to share FIDO credentials between devices.
Apple, Microsoft, and Google have all stated they are actively working on integrating the FIDO standard with all of their products. We should soon be seeing FIDO become easier to use, and websites and apps offering FIDO sign-in options, if not FIDO becoming their only sign-in option.
Apple, Microsoft, and Google say they are hoping to finalize these efforts sometime in 2023.
Will people embrace a new and somewhat radical security approach and give up their passwords? That remains to be seen. But a passwordless future could be just around the corner.