The person who hacked former US President Donald Trump’s Twitter account admitted to guessing his password, “maga2020!” According to the FIDO Alliance, an open industry association that works on reducing password reliance, IT security experts agree passwords are one of the main reasons behind the majority of data breaches globally.
But passwords remain the most indispensable and common tool of authentication. Companies have experimented with creating the most powerful passwords, but hackers can still guess them or obtain them through social engineering, and then carry out their attacks.
“There has never been a stronger and easier solution that is as ubiquitously available as passwords,” said Andrew Shikiar, executive director, FIDO Alliance. “Credentials, such as usernames and passwords, are by far the most common attribute compromised during cyberattacks. Credentials are involved in 78% of cyber-espionage incidents, according to a report by Verizon.”
However, there are efforts to change this with innovations that are secure and easy to use. One concern organizations have about the cloud is its accessibility to hackers or cybercriminals. But FIDO introduced “a viable alternative to passwords that is as ubiquitously available” for businesses.
Shikiar said that with FIDO, login and personal information stays on the computer or smartphone, so there is no risk of losing it through phishing, and logging in is as easy as a facial or fingerprint scan.
FIDO uses standard public key cryptography techniques to provide stronger authentication than passwords. The solution’s value propositions include ease of use, privacy and security, and standardization.
According to Shikiar, all leading web browsers and operating systems now have built-in support for FIDO Authentication.
“FIDO’s standards remove the password from the authentication flow and instead rely on much stronger and advanced security technology to log the user in,” he said. “This possession-based approach to authentication is also much easier, as users can log in with just a single gesture such as a facial or fingerprint scan, or touch an external device like a security key. This wide end-point adoption for FIDO greatly reduces the costs and complexities that historically have been associated with offering strong authentication.”
But weaning people off passwords, even if many struggle with them at some point in their lives, can be daunting. Adopting a solution like FIDO would require massive efforts in education and assurance.
“While many businesses are feeling the pain of passwords, they may not yet be aware of these new capabilities, or of the many FIDO-certified products on the market they can deploy to protect their enterprises,” Shikiar said. “FIDO is aiming to address this education gap through a variety of online resources, as well as through our inaugural Authenticate conference, which will provide insights into FIDO Authentication as well as case studies from companies spanning industries and borders.”
Shikiar said that while it may not be realistic (or necessary) to expect organizations to eliminate all passwords overnight, this most certainly is the direction in which organizations should collectively be steering.
“Inside the enterprise, many companies opt to use FIDO initially as a second factor on top of passwords and then fully migrate to a passwordless approach as their infrastructure matures,” he explained. “For consumers, I believe that the vast majority of consumer-facing applications and service providers will offer password-free options to consumers by 2025 — with most leveraging FIDO to do so.”
Shikiar noted Philippines-based Tonik Bank has been working with FIDO member Daon to leverage FIDO biometric authentication “to provide a safer and superior experience to their customers.”
“At the moment, the Alliance features over 250 organizations contributing to our efforts, and members include major industry players like Apple, Microsoft, Google, and Samsung,” Shikiar said. “Thanks to this collaboration and commitment, every modern computing device does or will soon support FIDO’s standards – which stands to make FIDO’s vision for simpler, stronger authentication as ubiquitous as other industry-driven standards that we use in our daily lives like Wi-Fi or Bluetooth.”