Brett McDowell, Executive Director, FIDO Alliance
World Password Day was started by FIDO Board member Intel seven years ago, and much has changed in that time. The world finally has a better call-to-action than simply changing passwords and hoping the year-over-year growth in data breaches magically reverses itself. The FIDO Alliance and the World Wide Web Consortium have announced a new authentication standard that Google, Microsoft and Mozilla have said will be built into Chrome, Edge and Firefox respectively. This new set of technologies, collectively known as FIDO2, enable websites and native apps to use on-device biometrics and/or portable security keys to free their users from a dependency on the failed “shared secret” security model of passwords and one-time-passcodes. Passwords are no longer fit for purpose, a fact highlighted in numerous studies that attribute password compromise as the root cause for the vast majority of data breaches that have taken place in recent years.
That’s why I applaud World Password Day’s commendable focus on multi-factor authentication this year. Instead of encouraging users to change all of their online passwords – which more often than not results in easy-to-remember passwords being recycled across different accounts – website and app developers can now look to new methods of authentication that will enhance security while improving user experience. By building to these new web standards for strong cryptographic authentication, developers can now leverage the authentication mechanisms that are already on their users’ smartphones, tablets, and computers — from fingerprint, iris, face or voice recognition, to portable hardware security keys — to improve security for their businesses and their users.
This year ‘World Password Day’ could mark the beginning of the end for “shared secrets” security on the web. But to do that, online services must accept that the humble password has outlived its efficacy and take action to learn more about FIDO2 today so that next year we can celebrate how our favorite online services have freed us from the bondage of passwords.
Cybersecurity Policy Forum: Identity, Authentication and the Road AheadCybersecurity Policy Forum:
2023 brings a new year and a new Congress –...January 30, 2023
Recap: 2023 Identity, Authentication and the Road Ahead #IDPolicyForum
By: FIDO staff The identity landscape is set to undergo...
Raconteur 2022 Report: Authentication & Digital Identity
Insight: Sharing cybersecurity successes and failures leads to improvement –...November 30, 2022