The FIDO standards, together with their companion WebAuthn specification, are on the cusp of an important new development: evolutionary changes to the standards proposed by the FIDO Alliance and the W3C WebAuthn community aim to markedly improve the usability and deployability of FIDO-based authentication mechanisms. As a result, FIDO-based secure authentication technology will for the first time be able to replace passwords as the dominant form of authentication on the Internet.
In this paper, we explain how FIDO and WebAuthn standards previously enabled low-cost deployments of authentication mechanisms with very high assurance levels. While this has proved an attractive alternative to traditional smart card authentication, and even opened the door to high-assurance authentication in the consumer space, we haven’t attained large-scale adoption of FIDO-based authentication in the consumer space. We explain how the introduction of multi-device FIDO credentials will enable FIDO technology to supplant passwords for many consumer use cases as they make the FIDO credentials available to users whenever they need them—even if they replace their device.