Although promises have been made before, this time, with backing from some of the biggest names on the web, it appears that passwords are on the way to becoming obsolete. The alliance known as FIDO, or Fast Identify Online, has recently published a first draft of specifications for proposal of the new standards.
FIDO is composed of institutions such as Google, Samsung, Microsoft, Alibaba and others, along with financial institutions such as Visa, MasterCard and the Bank of America. Two proposals have been drafted, and some of the technology is already in use.
The Universal Authentication Framework (UAF) and Universal 2 Factor (U2F), are already installed as authentication factors on the Galaxy S5, and adoption of the standards will make sure that biometric identification processes, such as fingerprinting, can be used on services or compatible platforms where it is adopted. It may mean that passwords will no longer be needed to get access to social networks such as Facebook or Google+.
Implementation of the proposed standards can be done on hardware in much the same way as USB is used, and the standardization will mean that it can be implemented across multiple devices. All that is required is the authentication key, which will be supplied by the provider, allowing users to then log into any FIDO-compatible platform or service with the use of some unique biometric feature.
Other authentication rules, such as OpenID and RSA SecureID have been in use for a while, but adoption was not widespread; mainly because of the lack of standardization. However, with the recent proposal, log-ins can now be created using iris scanners or fingerprint readers.
The non-profit consortium was formed two years ago, in July of 2012, with a mission to develop specifications to reduce the need for passwords. It was recognized that users needed to create multiple user names and passwords, and the lack of interchangeability prevented adoption of strong authentication devices, and failed to end the need for passwords. The newly proposed standards, which are fully open and scalable when fully adopted, may eventually be embedded with browsers as a plug-in, and will allow websites or cloud-based services to readily access a broader variety of devices on which the FIDO standard is implemented.
The open protocol now means that even smaller businesses will be able to use two-factor log-in without a password. The earlier versions, such as the chip used in the fingerprint reader in Samsung’s smartphone and by Google for access to Gmail, have been successful, as implementation was easily accomplished, and further adoption now reduces the concern for compatibility with different hardware. The feature can now be expected to be included in a wider array of phones, laptops and tablets.
The ease with which the standards can now be integrated may also mean support for Near Field communication chips or even Bluetooth technology in the future. The communications industry appears to be impressed with the solution that has been described as elegant and may mean that the need for passwords to log in to various accounts could become a thing of the past.
By Dale Davidson