Brett McDowell, Executive Director, FIDO Alliance  

World Password Day was started by FIDO Board member Intel seven years ago, and much has changed in that time. The world finally has a better call-to-action than simply changing passwords and hoping the year-over-year growth in data breaches magically reverses itself. The FIDO Alliance and the World Wide Web Consortium have announced a new authentication standard that Google, Microsoft and Mozilla have said will be built into Chrome, Edge and Firefox respectively. This new set of technologies, collectively known as FIDO2, enable websites and native apps to use on-device biometrics and/or portable security keys to free their users from a dependency on the failed “shared secret” security model of passwords and one-time-passcodes. Passwords are no longer fit for purpose, a fact highlighted in numerous studies that attribute password compromise as the root cause for the vast majority of data breaches that have taken place in recent years.  

That’s why I applaud World Password Day’s commendable focus on multi-factor authentication this year. Instead of encouraging users to change all of their online passwords – which more often than not results in easy-to-remember passwords being recycled across different accounts – website and app developers can now look to new methods of authentication that will enhance security while improving user experience.  By building to these new web standards for strong cryptographic authentication, developers can now leverage the authentication mechanisms that are already on their users’ smartphones, tablets, and computers — from fingerprint, iris, face or voice recognition, to portable hardware security keys — to improve security for their businesses and their users.

This year ‘World Password Day’ could mark the beginning of the end for “shared secrets” security on the web. But to do that, online services must accept that the humble password has outlived its efficacy and take action to learn more about FIDO2 today so that next year we can celebrate how our favorite online services have freed us from the bondage of passwords.


More

Recap: Virtual Summit: Demystifying Passkey Implementations

By: FIDO staff Passkeys hold the promise of enabling simpler, strong authentication. But first organizations,…

Read More →

EMVCo and FIDO Alliance Provide Essential Guidance on Use of FIDO with EMV 3DS

As leaders in authentication and payments spaces respectively, the FIDO Alliance and EMVCo collaborate to…

Read More →

FIDO Alliance Announces Call for Speakers and Sponsors for FIDO APAC Summit 2024

February 21, 2024 The FIDO Alliance is excited to announce the return of the FIDO…

Read More →


12361 Next