Passwordless Authentication - FIDO Standards Eliminate Passwords

One of the biggest liabilities of relying on a single-password system is granting unprecedented control and access to anyone who knows that password. Unfortunately, the only way to reduce the chance of a password being stolen is to make passwords easier to remember, thus making them easier to guess or figure out through criminals’ increasingly more sophisticated and automated methods.

Conversely, making passwords harder to guess through a string of random alphanumeric characters makes them slow, difficult, and inconvenient to use, eliminating their efficiency while at the same time still retaining the risk of relying upon a single password alone to grant access.

FIDO Improves Security With Passwordless Authentication

An alliance of global companies has now joined to form an organization known as The FIDO Alliance, which stands for “fast online identity.” The FIDO protocol creates a compatible cryptographic standard across devices and software platforms to ensure these cryptographic measures are interoperable across browsers, platforms and devices. The goal of FIDO is to enable phishing-resistant passwordless authentication systems while also making user experiences frictionless and seamless. These modern security technologies make user access faster, easier, more efficient, and more secure than legacy systems based on the collection, storing an input of personal secrets and information like user’s name and password.

FIDO is doing this through a dual-key based authentication system known as key pairs that use asymmetric encryption methods and offers 2-factor authentication in one encrypted user step.

More Than One Mechanism

Symmetric encryption is something most people are familiar with. Something is encrypted or “locked” using a single device, such as a USB key with data on it. Data is encrypted, inaccessible, and unreadable if the key is present. When that same key is present, the data can be accessed and is decrypted so it can be read.

Asymmetric encryption relies on two keys. One is a “public key” that allows users to choose the form of encryption for the data to be protected. The second is the “private key” that must be present for the decryption to take place.

In other words, even if the public key is duplicated or stolen, it only grants access to the data. The data still can’t be read because it requires the presence of both the right public key and its pair, the private key, to access the data or access software services. The combination of a FIDO key pair system creates an easy passwordless authentication system that eliminates the inconvenience of creating a strong, hard to remember string of random alphanumeric characters and also does away with the knowledge-based authentication system, such as asking people what their mother’s maiden name was for a hint, which could often be gleaned through searching public social media profiles and posts.

If you’re interested in using the FIDO protocol and moving to a passwordless identity and authentication system, read here to learn more.