The FIDO Alliance Claims To Have Found A Way To Kill Passwords

Source: Ars Technica The FIDO Alliance Claims To Have Found A Way To Kill Passwords

Somehow Totally Different From Passkeys in iCloud Keychain Or Password Managers

The majority of people are bad at passwords, especially in the volume you are expected to keep track of at this point.  We know reusing passwords is bad, as is writing them down and even the slight variations many use so that they are technically not the same password as on another service isn’t exactly great security.   On the other hand, we are also generally not great at remembering long lists of unique phrases, let alone recall which password belongs to which account; without some sort of mechanism to prime our memory.

Password managers like LastPass have been around for a while, allowing you to link all your accounts to a single password or biometrics challenge thus letting you have a long list of unique passwords which you do not have to memorize.   There are some problems with this however, from forgetting that single key password to losing the master device associated with the software and, of course, the possibility the of a security breach in the provider.  This has prevented some from adopting this solution, currently one of the least worst solutions to the password conundrum.

The FIDO Alliance’s plan is to develop WebAuthn credentials which can be either a passcode or biometric key which is stored locally on your device as opposed to authenticating it against an online database.   They have had previous success with this process, Apple’s iCloud Keychain and Google’s Advanced Protection Plan both make use of FIDO’s WebAuthn process but as of yet they have not seen much market penetration and have issues, as anyone who lost the device they set up iCloud Keychain on.

Ars Technica offers a brief overview of what the FIDO Alliance hopes to accomplish, or you can go straight to the white paper here.  Take a peek and see if you think they are onto something, or if this will just be yet another failed attempt to banish passwords forever.

On Thursday, the organization published a white paper that lays out FIDO's vision for solving the usability issues that have dogged passwordless features and, seemingly, kept them from achieving broad adoption.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

1 Comment

  1. Loonatic Fringe

    A better alternative, IMHO, is Steve Gibson’s SQRL. Secure login with a phone or other device – super slick.

    Reply

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!