Of all the things we do online, managing our passwords has to be our least favorite. The horror stories are told over and over again – password phishing, stolen identities, data breaches. Billions of dollars are spent every year by business, government, and consumers in an attempt to safeguard our most cherished belongings: our identities.
There is no doubt that the revolution from password management to authentication through physical characteristics (aka biometrics) is underway. Gone are the days when fingerprint and facial recognition was for law enforcement only. A new way to authenticate yourself is here. The problem with passwords is well-documented. Passwords have been around since the early Sixties when MIT created the first systems that used ‘secret pass codes’ to allow multi-user computing. The proliferation of password use has multiplied a few million times since then and problems have come with them, including:
- Password theft through phishing or brute force
- Password fatigue, caused simply by the sheer number of ‘accounts’ that we all have
- Password reuse, a side effect of password fatigue and the cause of tremendous damage to consumers worldwide
So, technology has been developed that secure our accounts by what we own (our faces, our fingerprints, our eyeballs) versus what we remember (passwords and PINs). More importantly, this universe of technology has finally begun to adopt technology standards that fuel acceptance and innovation. FIDO is such a standard.
The FIDO standard is supported by some of the largest and most influential companies in the world, including Aware Inc., and has emerged as an alternative to traditional authentication processes. FIDO is Fast Identity Online. It is an open protocol designed to improve user authentication and authorization online to meet both security and convenience for the end user. FIDO accomplishes this by making it easier for service providers to integrate additional safety factors in the online authentication process. Currently, most Internet services are based solely on the security templates based on something you know, such as passwords, security questions and PINs. With FIDO, new safety factors can be easily added based on, again, something we own (like a smart phone) and our unique physical attributes (biometrics).
Biometric authentication is not new in computer systems but the power of permeating computing brought by smartphones, along with advances in biometric technology have made it practical and comfortable for all users. Modern devices even have areas of storage and processing of protected material, such as the TEE (Trusted Execution Environment), which – along with the FIDO standards – protect the privacy of users. The biometric information is never sent out to the internet.
So what’s the benefit of FIDO? Service providers benefit from increased user adoption. The end user also benefits, using a single device for the multiple authentication services. FIDO delivers the combination of security and convenience that consumers and businesses have desired for years.
It’s unlikely that passwords will ever go away entirely, despite the claims of some. However, biometrics and the open standards of FIDO are certainly making them obsolete while increasing security and privacy online.
You can learn more about FIDO on their website or in the FIDO Alliance Pavilion (booth #2843) at Money20/20, taking place October 23-26 in Las Vegas. They will be highlighting several of the more than 250 FIDO® Certified solutions from a variety of suppliers.