The Day that Passwords Died (It’s coming soon, really!)

If there was ever a reason to celebrate, it will be the day we no longer need passwords to log in securely to websites and apps. For the vast majority of people, passwords have become the bane of their online existence.

Properly utilized, today’s password-based protection is a very sound security measure, especially when paired with two-factor authentication (2FA). It’s just that we don’t properly utilize password protocols, making the whole thing very unsound, not to mention cumbersome.

The Problem with Passwords

Most of us have dozens of password-protected applications and accounts. And most of us create dangerous shortcuts.

Too many of us don’t bother to use any of the terrific password manager programs available, which leave us with only one complex password to remember or look up. We don’t set up 2FA when we’re given the opportunity. We use the same relatively easy password for multiple minor accounts. We select the “remember my password” option. We use easily guessed passwords like our own birthday, our partner’s or child’s name, or this password, which is apparently one of the most frequently used: “12345678”, possibly second only to “password.”

Our Preference for Ease of Use

We take these chances because we’re in a hurry. It seems like we only want to be safe if it’s convenient. Fortunately, the new passwordless system will accommodate that aspect of human nature.

The new solution will be both secure and simple to use. Logging in to any of your accounts will be as easy as unlocking your phone – whether you use a PIN or you’ve opted for facial or fingerprint biometric recognition. In fact, that’s exactly how it will work once you update your cell phone to add your very own, futuristic “mobile authenticator,” aka multi-device credential, aka sign-in credential, aka passkey.

FIDO to the Rescue

The FIDO Alliance has been working for nearly a decade to solve the challenge of moving beyond password-based identity authentication protocols. This inter-industry technology association includes representatives from many of the top companies in financial, healthcare, technology, and online security services. Importantly, FIDO includes Apple, Google, and Microsoft, meaning the new FIDO solution has their blessing and the passwordless authentication standards will work across their respective platforms and browsers.

Behind the Screen

Without going too deep into the weeds, your smartphone will have a new cryptographically secure token or passkey that’s stored in the cloud (so if you lose or destroy your phone, it can sync with your replacement device).

When you try to open a protected website or application, regardless of your operating system, that program will send a prompt to your phone requiring you to verify your identity. But instead of seeing a screen asking for a user name and password, you’ll be asked to authenticate your identity by unlocking the passkey using your phone’s biometric recognition feature or PIN. In other words, it’s as easy as opening your phone.

The phone must be in close proximity to the device being used to access the site so the two can sync over a Bluetooth connection.
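
As an added illustration (not code from this article or from the FIDO Alliance), the Node.js sketch below models the sign-in step described above: the site sends a random challenge, the unlocked phone signs it together with the origin the browser reports, and the site checks the result against the public key it stored at registration. The `bank.example` names and all function names are assumptions, and the message layout is a simplified form of a WebAuthn assertion.

```javascript
const nodeCrypto = require('node:crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Registration: the phone makes a key pair; the site keeps only rpId + public key.
function createPasskey(rpId) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { rpId, publicKey, privateKey };
}

// Phone side: the private key is usable only after a biometric or PIN unlock.
function signAssertion(passkey, challenge, origin, userUnlocked) {
  if (!userUnlocked) throw new Error('passkey locked: user verification failed');
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // SHA-256(rpId) || flags (0x05 = user present + user verified) || 4-byte counter
  const authenticatorData = Buffer.concat([sha256(passkey.rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData,
           signature: nodeCrypto.sign('sha256', signed, passkey.privateKey) };
}

// Site side: check challenge, origin, rpId hash and the verified flag, then the signature.
function verifyAssertion(stored, expected, assertion) {
  const client = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== expected.origin) return 'origin mismatch';
  const ad = assertion.authenticatorData;
  if (!ad.subarray(0, 32).equals(sha256(stored.rpId))) return 'rpId mismatch';
  if ((ad[32] & 0x04) === 0) return 'user not verified';
  const signed = Buffer.concat([ad, sha256(assertion.clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, stored.publicKey, assertion.signature)
    ? 'ok' : 'bad signature';
}

// Constructed scenario: bank.example is a placeholder site, not from the article.
function demo() {
  const passkey = createPasskey('bank.example');
  const stored = { rpId: passkey.rpId, publicKey: passkey.publicKey };
  const expected = { challenge: nodeCrypto.randomBytes(32), origin: 'https://bank.example' };
  const genuine = signAssertion(passkey, expected.challenge, expected.origin, true);
  // Same challenge signed while the browser is on a different origin.
  const otherSite = signAssertion(passkey, expected.challenge, 'https://bank-login.example', true);
  const nextLogin = { ...expected, challenge: nodeCrypto.randomBytes(32) };
  return { genuine: verifyAssertion(stored, expected, genuine),
           otherOrigin: verifyAssertion(stored, expected, otherSite),
           replayed: verifyAssertion(stored, nextLogin, genuine) };
}
console.log(demo());
```

Because the site holds only a public key and every login uses a fresh challenge, there is no reusable secret for a user to type into the wrong page or for a breach of the site to expose.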
