Security Specs, Standards Courtesy of FIDO May Ring Death Knell for Passwords

At some point in the near future, passwords may be a thing of the past. The Fast Identity Online Alliance is issuing its first set of password-free standards for both regular and two-factor authentication.

The FIDO Alliance is backed by the likes of Google, Microsoft and PayPal, among other tech vendors, and the new standards, if widely adopted, could eliminate the need for passwords.

"Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die," said Michael Barrett, president of FIDO. "FIDO Alliance pioneers can forever lay claim to ushering in the 'post password' era, which is already revealing new dimensions in Internet services and digital commerce."

The methods that can be used to verify a user's identity include biometric sensors, such as fingerprint scanners, as well as a hardware token that can be carried around and used to authenticate users.

There are many reasons to eliminate passwords. Apart from the fact that they are often hard to remember and take time to enter, they are also not very secure. Over 76 percent of online breaches are the result of lost or stolen login credentials, according to a survey conducted by Verizon.

While the technology for fingerprint scanners and other more secure forms of identification has been around for a while now, there has been little consensus between companies on how to implement new authentication technologies, leading to fragmentation between brands, essentially making it even more difficult for users to identify themselves.

Alliance members can now use the new specifications to build more secure and complex security systems. Some companies, including Google and PayPal, have already incorporated early drafts of the specifications into products.

While the alliance has developed the core specifications, that doesn't mean it will stop working on security standards. Going forward it will be creating extensions for core specifications to further develop online security and add more methods of identification. These include identity verification through near-field communication and Bluetooth wireless technologies.

Google recently released a USB key that works as part of a two-factor identity verification setup, essentially allowing users to simply plug in a USB key as a way of logging in to their accounts.

Now that the first official set of specifications from the FIDO Alliance has been published, many more products using different and faster ways of identity verification should be released in the near future.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics