If you grew up around the time I did, when you hear the word “Fido” you automatically think of a standard name for a dog. Along with “Spot”, it is probably one of the most common names for dogs ever.
Nowadays, FIDO can mean something totally different. There is an organizational movement developing a technology by this name that could potentially bypass passwords, or at least supplement them, on your electronic devices, websites and electronic document access.
The inability of many online services to protect their users’ passwords from cybercriminals, combined with the inherent weaknesses of passwords as a means of authentication, is forcing governments and the IT industry to establish a viable, long-term replacement.
Keeping passwords unbreakable is going to become more and more necessary. Right now, the majority of all successful data breaches can be linked to bad passwords. This will require the development and general adoption of identity authentication technologies. Until recently, the IT industry struggled to implement such technologies, but new developments such as the FIDO authentication standard have started to change that.
Ease of use is the reason passwords have lasted so long, but forcing users to remember longer, more complex passwords is impractical given that the average user needs more than forty of them across his accounts.
Ideas such as using image recognition, where users recognize images rather than entering passwords, offer only minor security advantages over passwords, while those offering important security benefits, like iris recognition, have generally been too expensive to deploy or problematic to use.
In an attempt to standardize the security of connecting to various secure sites, leading companies such as PayPal and Lenovo formed the Fast IDentity Online Alliance (FIDO) several years ago with the aim of defining a set of standards and open specifications on how multi-factor authentication should work.
So what is FIDO, how does it work and can it remove our dependence on passwords?
FIDO is device-based, but is not designed for any specific type of authentication technology. The authentication method or provider can be changed without impacting the application used.
It provides two ways to authenticate users, one without a password that uses some type of confirmation, and the other called Second Factor, which you’ve probably heard of as two-factor authentication. In future versions, FIDO expects the two standards to evolve and harmonize more.
In the passwordless method, users register their device with an online service by selecting a local authentication mechanism. It can be biometric, like swiping a finger, taking a selfie, or speaking into a microphone. Once registered, users repeat the process each time they need to authenticate with the service, so no password is required. A service may also require several authentication mechanisms such as a fingerprint or voice analysis and a password or PIN. The presence of high quality cameras, microphones and fingerprint readers in many devices today means that it is now easier than ever to implement biometric authentication that builds trust between two parties.
The Second Factor method combines a password or PIN code with a hardware device to support two-factor authentication: knowledge of the PIN code or password is the first factor and possession of the device is the second factor. The user is prompted to insert and touch their personal device during login. The user’s FIDO-enabled device creates a new key pair, and the public key is shared with the online service and associated with the user’s account. The service can then authenticate the user. A hacker would need to steal both a user’s credentials and their device to compromise an account or app login.
FIDO authentication information is never shared with an online service provider, only public keys associated with the user’s device. This removes the threat of a breach of a user’s accounts or personal data if a service provider is compromised. Likewise, biometric measurements used in FIDO authentication never leave the user’s device. There is also no information emitted by the device that different online services could use to collaborate and track a user across the Internet, although the same device can be used to connect to any number of services.
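The registration and login flow described in the two paragraphs above, as an added example that is not part of the original article and is a simplified model rather than the FIDO wire format. The class names, origins and user name are hypothetical; it assumes Node.js and its built-in `crypto` module, with the service checking a signature over a fresh random challenge.

```javascript
const crypto = require('crypto');

// The user's device: holds one private key per service and never exports it.
class Authenticator {
  constructor() { this.keys = new Map(); }           // origin -> private key
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this leaves the device
  }
  sign(origin, challenge, userPresent) {
    if (!userPresent) throw new Error('user did not touch the device');
    const key = this.keys.get(origin);
    if (!key) throw new Error('no credential for ' + origin);
    return crypto.sign('sha256', Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

// The online service: stores public keys only and checks signed challenges.
class Service {
  constructor(origin) { this.origin = origin; this.accounts = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.accounts.set(user, publicKeyPem); }
  newChallenge(user) {
    this.pending.set(user, crypto.randomBytes(32));
    return this.pending.get(user);
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.accounts.get(user);
    this.pending.delete(user);                       // each challenge is single-use
    if (!challenge || !pem) return false;
    return crypto.verify('sha256', Buffer.concat([Buffer.from(this.origin), challenge]),
                         crypto.createPublicKey(pem), signature);
  }
}

function demo() {
  // Constructed sample origins and user name.
  const device = new Authenticator();
  const shop = new Service('https://shop.example');
  const bank = new Service('https://bank.example');
  const shopKey = device.register(shop.origin); shop.enroll('alice', shopKey);
  const bankKey = device.register(bank.origin); bank.enroll('alice', bankKey);
  const sig = device.sign(shop.origin, shop.newChallenge('alice'), true);
  const login = shop.verify('alice', sig);           // signature over the fresh challenge
  shop.newChallenge('alice');
  const replay = shop.verify('alice', sig);          // same signature, new challenge
  return { login, replay, distinctKeys: shopKey !== bankKey, stored: [...shop.accounts.values()] };
}
```

`demo()` shows that the service's account store holds only a public key, that each service receives a different key from the same device, and that a captured signature is rejected against a later challenge.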
Google Chrome was the first web browser to implement Second Factor authentication support, but all major browsers will eventually provide support. For users, this means that instead of entering a six-digit code received via SMS to log into an online service, they can simply insert a FIDO-compatible USB stick into their computer and press it when the browser asks them to.
FIDO brings substantial gains to users and businesses, which explains its rapid adoption where other initiatives have failed to displace the password. As more and more users discover the benefits of being password-free and the added security provided by FIDO authentication, online services that rely on passwords may well start to lose out. If FIDO reduces the number of online and mobile shopping carts abandoned due to account login difficulties, retailers will easily recoup all the costs involved in updating their sites to be FIDO compliant.
Over the years, cybercriminals have made huge profits due to the ineffectiveness of password authentication, but FIDO authentication makes credential theft much more difficult and expensive, without compromising convenience for safety. Hopefully this will help end the role of password as the primary authentication factor.
So now, instead of calling your dog Fido, you might be using FIDO to order supplies for your dog online!