Are the days of remembering passwords over? Tech titans announce plans to transition to passwordless, FIDO sign-in technology over the next year.  What does this mean and how will it work? 

Remembering usernames and passwords can be a nuisance for us all.  In addition to wasting time and creating complexity for users, corporations face huge risks for passwords-gone-wrong.  In fact, according to a 2021 Verizon report, passwords caused 89% of web application breaches.  Passwords seem to be losing fans.

How passwords will get replaced

Fast Identity Online, or the FIDO Alliance, was established as an open-industry consortium in 2013.  With partners like Visa and Amazon, the alliance has been working with 250 organizations to develop industry-aligned, international standards for a passwordless world.  This large ambition, a decade in the making, will take years to execute to get to every corner of the web.  The announcement from Google, Apple and Microsoft is just the tipping factor needed to create momentum. The transition will happen over the next year.

The group has created a new standard: The FIDO sign-in.  With it comes more reliance on phones, PCs and tablets. I discussed the FIDO sign-in on TV recently.  

Shibani discusses new FIDO sign-in on KTVU Fox 2 Bay Area

In the report, I shared how the new protocol will rely entirely on your having another device – phone, tablet or PC.  Your device becomes like a remote control to unlock any website you visit. This eliminates the need for usernames and passwords because your identity is verified by and stored in your device instead of remaining on cloud servers of third parties.

How FIDO sign-in works

FIDO sign-in is a natural next step in online identity verification. Using a second device is already common practice with text codes and other two-factor authentication methods required for sites like Gmail and apps like Netflix.  In addition, identity verification on our devices – with passcodes, biometric validation like Face ID or fingerprints – is also common practice. FIDO brings the two together in a seamless, more secure experience. Here’s how it works:

  1. Set up your FIDO sign-in device through a one-time registration
  2. Choose your verification method: fingerprint, Face ID/camera, microphone or passcode
  3. Sign on to your favorite app or website as you would normally
  4. Your device will create and push a FIDO passkey that lives on your phone to enable access in seconds

The technology is entirely reliant on your having a second device. As Google shares in a blog post:

Your smartphone will play a central role in authenticating users in apps and services without a password. When you sign into a website or app on your phone, you will simply unlock your phone — your account won’t need a password anymore.

Google press release

The device is critical because it holds the encrypted passkey, biometric data and private keys that verify your identity with websites and apps.  This is a win for privacy advocates because your data stays in your hands. 
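
To make the sign-in steps above concrete, here is an added example (not code from the FIDO Alliance, Google, Apple or Microsoft) that models the exchange in Node.js: the device keeps a private key per site, the site stores only a public key, and each sign-in is a signature over a fresh challenge. The class names, the example origins and the `origin|challenge` message layout are assumptions for illustration; real FIDO messages use a different format.

```javascript
// Simplified model of a FIDO-style sign-in (assumed layout, not the real message format).
const crypto = require('crypto');

// The user's device: holds one private key per website and never sends it anywhere.
class Device {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);           // private key stays on the device
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this goes to the site
  }
  // Called after the user unlocks the device (fingerprint, face, passcode).
  sign(origin, challenge) {
    const key = this.keys.get(origin);           // looked up by the origin actually visited
    if (!key) return null;                       // unknown site: nothing to sign with
    return crypto.sign('sha256', Buffer.from(`${origin}|${challenge}`), key);
  }
}

// The website: stores a public key per user instead of a password.
class Website {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32).toString('hex');
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user);                   // single use: a replayed response fails
    const pem = this.users.get(user);
    if (!challenge || !pem || !signature) return false;
    return crypto.verify('sha256', Buffer.from(`${this.origin}|${challenge}`), pem, signature);
  }
}

// Constructed scenario: one genuine site and one look-alike origin the device never registered with.
function demo() {
  const phone = new Device();
  const shop = new Website('https://shop.example');
  shop.enroll('alice', phone.register(shop.origin));
  const sig = phone.sign(shop.origin, shop.newChallenge('alice'));
  const genuine = shop.verify('alice', sig);
  const replayed = shop.verify('alice', sig);    // same response sent a second time
  const phished = shop.verify('alice', phone.sign('https://shop-example.test', shop.newChallenge('alice')));
  return { genuine, replayed, phished };
}
```

Nothing the site stores can be used to sign in elsewhere, and a response captured in transit is useless once its challenge has been consumed.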

Microsoft has been using this technology already in its latest OS versions, allowing users to sign on without passwords. 

Benefits of FIDO:

For the industry to take on monumental change like this, there have to be many benefits to many parties. Email and password breaches across the industry can cost companies billions. The cost of storing and securing passwords runs in parallel. According to the latest data breach report by IBM and the Ponemon Institute, the cost of a single data breach in 2021 is $4.24m. Users also spend time and money remembering and resetting passwords.  FIDO aims to target these pain points by:

  • Keeping passwords and authentication in users' hands, not in third-party clouds
  • Creating a simple and seamless interface for consumers and businesses
  • Saving time and money in resetting passwords, reaching out to customer service
  • Eliminating threats of phishing and data breaches

The future of passwords

Apple, Microsoft and Google have all announced plans to migrate to FIDO sign-in over the coming year.  However, for the standard to hit your favorite local retailer’s website and other corners of the web, experts say it could take years. This means passwords will disappear over time.

So, maintaining good security practices with your phone and your passwords remains crucial. I have some tips here.  If your phone is unlocked and is lost, anyone who finds your phone could gain access to your email, Amazon account or other sites that use your phone to verify identity.  If your phone is locked and FIDO sign-in is enabled, not to worry.  Thanks to cloud storage, you can access sign-in on different devices.