Sunday, March 20, 2022

Finally, the End of the Password?

If 110 global organizations including Amazon, American Express, Apple, Bank of America, Google, ING, Meta, Intel, Mastercard, Microsoft, Docomo, PayPal, Qualcomm, Samsung, Visa, Chase, Akamai, eBay, Fidelity, Fujitsu, Hitachi, Huawei, KDDI, NEC, Netflix, NTT, SoftBank, SKT, Sony, Rakuten, Twitter, Vanguard and Verizon all agree they want something done, and have within themselves the power to mandate usage, do you think that something will remain undone?


And that something is the end of passwords as an authentication and security mechanism. 


For mass market users and app providers, internet security requires low-cost authentication mechanisms with very high assurance levels. Answering “Who are you?” and “Do you have permission to use this app?” is among the key functions authentication mechanisms provide.


Up to this point, passwords have remained a common authentication mechanism, even if most users and app providers consider the method insecure and a barrier to user experience.


Other methods include two-factor authentication, multi-factor authentication, biometrics (fingerprint or facial recognition), single sign-on, tokens (security dongles) and certificates. But the sheer number of alternate methods makes simple, user-friendly authentication difficult to scale.


source: FIDO Alliance 


The Fast IDentity Online Alliance (www.fidoalliance.org) was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. 


The organization now believes FIDO-based secure authentication technology will for the first time be able to replace passwords as the dominant form of authentication on the Internet.


Multi-device credentials are a key enabler. 

source: FIDO Alliance 


The FIDO Alliance and the W3C WebAuthn working group propose a new version (“Level 3”) of the WebAuthn specification using the smartphone as a roaming authenticator, plus multi-device FIDO credentials.


In a sense, this is another application of cloud computing. Credentials are not stored on a single hardware device. When users move to different devices, the credentials are still available because they are independent of any hardware.

