How FIDO Keys Will Accelerate a Passwordless Future

Passwords are still the primary means of protecting much of our infrastructure today. However, despite being the gold standard method of security, passwords are inherently problematic and will continue to be so as technology evolves. Passwords are knowledge-based, which means they can easily be guessed or stolen. They are also a source of frustration for users, which can negatively impact employee productivity, customer satisfaction, and therefore revenue.

The FIDO Alliance: A Complete Solution for a Passwordless Future

One of the most popular recent developments in passwordless authentication comes from the FIDO (Fast Identity Online) Alliance. FIDO is an open standard that allows users to authenticate via a highly secure, phishing-resistant, and easy-to-implement cryptographic login. FIDO2, the latest protocol, leverages users’ physical devices to store credentials locally on secure hardware and sign authentication challenges. The joint announcement by Apple, Google and Microsoft to support passwordless is a clear statement that FIDO is the way forward to a passwordless future, making it the new normal. FIDO keys remove the most common barriers to FIDO adoption by allowing users to register for FIDO only once, sharing the credential between devices on the same platform, and leveraging FIDO devices registered on one platform to authenticate when logging in from another platform.

Initial problems with FIDO

Registration and ease of use are some of the downsides of FIDO keys. One of FIDO’s initial problems was that users still had to use weaker authentication mechanisms during the initial registration process. The first time you registered a FIDO platform device, you had to bind your user authentication to that platform on that device. This means that if you are trying to log in from another platform device that you own, you will need to authenticate using another method first before the site or app will give you access. Then, once access is granted, you should also register this new device so that you can use FIDO on this device in the future. This process should be repeated on each of the devices you use to access the site.

It’s easy to see how this became a tedious task, making organizations reluctant to give up passwords and familiar login experiences. For FIDO to realize its vision of passwordless and remove the threat of common password attacks, it needed to be fully embraced as the primary and only means of user authentication. Also, the inability to eliminate passwords completely eventually led to recovery issues. Users ended up always needing access to at least two FIDO devices so that they could recover their account if they lost one. As you can see, FIDO came with a plethora of puzzles.

How FIDO Passkeys Present a Solution

FIDO’s problems were obvious, but there was a solution to improve it and stay on track for a passwordless future. This is where the introduction of FIDO keys comes in. This is a behavioral addition to the specification and implementation. FIDO keys are a more efficient way for a user to enroll their FIDO devices and check in to new sites during initial setup. Also, FIDO keys do not require a tedious backup or recovery process. You can simply enroll or unenroll devices with cloud backup from your service provider. Passkeys are also accelerating the adoption of FIDO in enterprises. Now, FIDO credentials are no longer tied to a specific device, but are automatically synced to the cloud, making account sign-up and recovery simpler and more resilient. Passkeys can also share credentials between different provider platforms.

Embracing FIDO and phasing out passwords is an initiative in its own right being pushed by big tech companies, and we’re now seeing more promising improvements being explored. Some of these improvements are intended to meet the requirements of different market sectors. Others plan to create an easy, secure, and familiar user experience by integrating FIDO digital certificate authentication into the browser’s password manager, making authentication a no-brainer for users.

The trade-offs of adopting passkeys

FIDO passkeys are a new and exciting step towards a passwordless future. That said, despite the plethora of benefits they offer, passkeys are still not a silver bullet. Organizations should consider the following points before embarking on the adoption of passkeys. Passkeys are stored in the cloud and therefore require a thorough review of your cloud security controls. The keys are managed by the supporting platform, i.e. Google, Microsoft, etc. Therefore, organizations must accept that a third party will not only take an active role in user authentication, but will also require users to enable cloud backup.

FIDO servers are still needed to start using passkeys. These servers are not provided by any of the support platforms. Additionally, when considering the adoption of passkeys and FIDO in general, enterprises should also consider that FIDO is still an evolving standard that currently has different phases of implementation maturity on different platforms and browsers.
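To make the FIDO server's role concrete, and to show why a signed challenge is phishing-resistant, here is an added example (not from the original article or from any FIDO vendor) of the checks a relying party runs on a WebAuthn-style assertion. It is simplified: real assertions also involve CBOR-encoded keys, signature counter tracking and user-verification policy, and the function names, `example.com` and all sample data are assumptions constructed for illustration.

```javascript
// Added example: simplified relying-party check of a WebAuthn (FIDO2) assertion.
const nodeCrypto = require("crypto");
const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();

// Stand-in for browser + authenticator. The origin is recorded by the browser,
// not chosen by the page, and the private key stays on the device.
function signAssertion(privateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin,
  }));
  // authenticatorData = SHA-256(rpId) || flags (0x01 = user present) || 4-byte counter
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
}

// FIDO server side: every check must pass before the login is accepted.
function verifyAssertion(publicKey, expected, { clientDataJSON, authenticatorData, signature }) {
  const clientData = JSON.parse(clientDataJSON.toString("utf8"));
  if (clientData.type !== "webauthn.get") return "wrong-type";
  if (clientData.challenge !== expected.challenge.toString("base64url")) return "challenge-mismatch";
  if (clientData.origin !== expected.origin) return "origin-mismatch";
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return "rp-id-mismatch";
  if ((authenticatorData[32] & 0x01) === 0) return "user-not-present";
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, signature) ? "ok" : "bad-signature";
}

function demo() {
  // Constructed sample data: example.com is a placeholder relying party.
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const expected = { rpId: "example.com", origin: "https://example.com", challenge: nodeCrypto.randomBytes(32) };
  const genuine = signAssertion(privateKey, expected.rpId, expected.origin, expected.challenge);
  // Same key and challenge, but the browser recorded a look-alike origin.
  const otherOrigin = signAssertion(privateKey, expected.rpId, "https://examp1e.com", expected.challenge);
  // Assertion signed over a challenge that this session never issued.
  const stale = signAssertion(privateKey, expected.rpId, expected.origin, nodeCrypto.randomBytes(32));
  // Client data swapped after signing so that it claims the expected origin.
  const rewritten = { ...otherOrigin, clientDataJSON: genuine.clientDataJSON };
  return {
    genuine: verifyAssertion(publicKey, expected, genuine),
    otherOrigin: verifyAssertion(publicKey, expected, otherOrigin),
    stale: verifyAssertion(publicKey, expected, stale),
    rewritten: verifyAssertion(publicKey, expected, rewritten),
  };
}
```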

