May 3, 2018

Perspectives on World Password Day

Brett McDowell, Executive Director, FIDO Alliance  

World Password Day was started by FIDO Board member Intel seven years ago, and much has changed in that time. The world finally has a better call-to-action than simply changing passwords and hoping the year-over-year growth in data breaches magically reverses itself. The FIDO Alliance and the World Wide Web Consortium have announced a new authentication standard that Google, Microsoft and Mozilla have said will be built into Chrome, Edge and Firefox respectively. This new set of technologies, collectively known as FIDO2, enable websites and native apps to use on-device biometrics and/or portable security keys to free their users from a dependency on the failed “shared secret” security model of passwords and one-time-passcodes. Passwords are no longer fit for purpose, a fact highlighted in numerous studies that attribute password compromise as the root cause for the vast majority of data breaches that have taken place in recent years.  

That’s why I applaud World Password Day’s commendable focus on multi-factor authentication this year. Instead of encouraging users to change all of their online passwords – which more often than not results in easy-to-remember passwords being recycled across different accounts – website and app developers can now look to new methods of authentication that will enhance security while improving user experience.  By building to these new web standards for strong cryptographic authentication, developers can now leverage the authentication mechanisms that are already on their users’ smartphones, tablets, and computers — from fingerprint, iris, face or voice recognition, to portable hardware security keys — to improve security for their businesses and their users.

This year ‘World Password Day’ could mark the beginning of the end for “shared secrets” security on the web. But to do that, online services must accept that the humble password has outlived its efficacy and take action to learn more about FIDO2 today so that next year we can celebrate how our favorite online services have freed us from the bondage of passwords.

MORE Perspectives

Identity, Authentication and the Road Ahead: Virtual Policy Forum Day 1

Team FIDO Alliance The intersection of identity and authentication and...

February 4, 2021

ConnectSafely Webinar: Are Passwords Really Protecting Us?

ConnectSafely spoke with online security expert Andrew Shikiar, Executive Director...

October 6, 2020

FIDO Hackathon in Korea: A Q&A with the Top 3 Winners and their Mentors

Editor’s Note: Since publishing the first blog on FIDO Hackathon...

December 4, 2019
Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.


このフォームを送信することにより、FIDO Alliance, 401 Edgewater Place, Suite 600, Wakefield, MA, 01880, US, からのメールを受信することに同意したことになります。また、各メールの下部にある配信停止リンクを使用することで、いつでもメールの受信に対する同意を取り消すことができます.