The FIDO Alliance discovers the missing pieces for the world of 'no password authentication'
'Fast IDentity Online (FIDO)', which was born in 2012 to become a new form of 'authentication' which is an indispensable element in digital networks, is still the standard of authentication method in 2022 after 10 years. It has not replaced 'passwords', but announced that in the last 10 years it has found missing pieces for a 'future without the need for passwords'.
How FIDO Addresses a Full Range of Use Cases
Death of the Password? FIDO Alliance Reveals Its New Plan | WIRED
FIDO Alliance says it has finally killed the password • The Register
The FIDO Alliance, an organization that aims to standardize FIDO, is a wide range of members, including major OS makers such as Microsoft, Apple, and Google, chip makers such as Intel and Qualcomm, platform makers such as Amazon and Meta, and financial institutions such as American Express and Bank of America. Is participating.
FIDO was born in 2012, and even 10 years after that, I have the impression that it has not yet reached the 'existence that follows passwords.' In fact, already at a high level of authentication guarantee, FIDO can be deployed at a much lower cost and better usability than traditional IC cards, but 'password only' and 'two-factor authentication'. Is a trade-off between security and usability.
Over the course of 10 years, the FIDO Alliance has come to the answer that the key to FIDO success is 'ready to use,' and has shown further improvements to WebAuthn , a technology for achieving password-independent authentication.
One of the contents is to make the smartphone owned by the user a 'roaming authenticator (authenticator)'. The other is to provide better support for the ability to synchronize FIDO credentials between users' devices, especially the platform authentication feature. As a result, FIDO will be the first authentication technology that has the ubiquitous nature of passwords and does not have to consider unique problems or phishing risks.
FIDO says, 'By moving each service from its own password-based authentication system to a more secure platform authentication mechanism, we can significantly reduce the over-reliance on Internet passwords on a large scale.' It states.