Passwordless authentication methods driven by digital leaders like Apple, Google, Amazon, Microsoft and Mozilla, who joined forces with the FIDO Alliance, are the future of authentication security and usability. But there’s no need to get yourself deeply involved in the marteria and develop your own solution for passwordless authentication. FIDO-as-a-Service solutions like Hanko connect your business with state-of-the-art FIDO2 and WebAuthn technologies without the research, cost, and hassle of building new infrastructures from scratch.
Last year, the computer password celebrated its 60th birthday. That’s right, we’ve been using passwords since well before we landed on the moon. Considering the technological strides we’ve made since, shouldn’t we have moved past password security to protect some of our most sensitive data?
Already in 2004, Bill Gates announced that passwords no longer "meet the challenge for anything you really want to secure." By the early 2010s, everyone from tech journalists to higher-ups at IBM and Google declared passwords “dead,” “over,” and “done.” Clearly, they were onto something. Our current time, the cloud era, has exposed password-based security to an increasing number of vulnerabilities like phishing and sophisticated brute-force attacks. The solution? Ditching passwords, for good. Simply put, passwordless authentication is the most effective way to protect systems and data from bad actors. On the user side, it’s foolproof, allowing information to be accessed without having to remember anything. Popular examples of passwordless authentication include Touch ID and Face ID, which were introduced by Apple in 2013 and 2017, respectively.
The benefits of passwordless authentication extend beyond security. Gone are the days of recalling or updating one’s password, adhering to different password formats, and dealing with password management software. It’s no wonder “password fatigue” has entered the modern lexicon. Businesses, meanwhile, can use passwordless authentication to cut down on IT and support costs (password storage and management, password reset calls), scale more smoothly (less authentication admin for multiple logins) and get a better overview of credential use. On the front end, it’s all about improving user experience – a win for both companies and its customers.
Founded in 2012, the FIDO Alliance is the world’s premier patron of passwordless authentication. FIDO, meaning “Fast IDentity Online,” was created by companies like Google, Microsoft, and PayPal, who are united in the belief that passwords should be a thing of the past. Its aim is to make passwordless authentication seamless, secure, and the new standard.
The FIDO Alliance plays a key role in democratizing passwordless authentication technology. Organizations building their authentication stack on FIDO protocols can be FIDO certified. FIDO certification guarantees interoperability, ensuring an ecosystem in which all products leveraging FIDO’s core specifications (UAF, U2F and FIDO2 & WebAuthn) work seamlessly together. It is recognized as an industry-standard seal of approval. Moreover, requests for proposal (RFPs) increasingly list FIDO Certification as a prerequisite for vendors to submit a bid. The benefits of being FIDO certified are two-fold: It shows your organization takes its security seriously while raising the standards – and compatibility – of passwordless authentication worldwide.
Traditionally, switching to passwordless authentication required dealing with countless clients and protocols. FIDO is the all-in-one solution, bringing together technologies that range from biometrics (fingerprint and iris scanners, voice and facial recognition) to security tokens and smart cards. Sure, you could build an entire cybersecurity infrastructure yourself, but why would you? FIDO has developed all the protocols – tried and tested by some of the world’s largest companies – on which organizations can build industry-leading products and services.
FIDO builds on the principle that user verification should be based on who you are rather than what you remember. After all, your face and fingerprints are more unique than a string of letters, numbers, and symbols. FIDO protocols protect data with public key cryptography; cryptographic login credentials are unique for every website, never leave the user’s devices, and are never stored on a server.
A big part of the FIDO Alliance’s mission is to establish trust in passwordless authentication. It’s important for companies to know that making identity verification easier doesn’t mean making it less secure. Furthermore, using passwordless authentication should be similar to the ways in which users already interact with their devices, like looking into a camera.
eBay’s recent shift from passwords to FIDO offers the perfect use for how companies can simultaneously improve security and enhance user experience. Less than a year after implementing FIDO, eBay has seen an increase in opt-ins as well as higher login success and completion rates.
Whether you’re building a SaaS product, a challenger bank, or an online game – the first thing your users need to do is signing in. These logins should be secured and easy to use. FIDO is undoubtedly great for that but the implementation may become quite complex. If you are building FIDO authentication from scratch it will probably take you many weeks or even months. Time that could be spent on building and optimizing your core product.
Investing in a ready-to-use FIDO solution will save you developer resources, time, money, and some headaches as well. There are great solutions out there which can help you to connect your authentication processes with the world of FIDO. For example, with our Authentication API, Hanko gives developers the ability to build a robust FIDO-certified passwordless infrastructure as quickly as possible. Demo code, example implementations, best practices, and detailed instructions make the integration project a breeze. It’s all plug and play. The result? Your products and services come with simple and secure passwordless authentication for a streamlined back office and pretty face on the front. And since your customers already employ the technologies – from biometric authentication like Face ID and fingerprint to security keys – for everyday tasks like unlocking their smartphone or logging in to online banking, they won’t need to change their habits. Because the last thing you want to introduce is a learning curve.
Passwordless authentication is here and ready to be embraced. Hanko ensures you get in ahead of the adoption curve without the research, cost, and hassle of starting from scratch. For almost all companies, from international software and cloud providers to the public sector and companies in the financial and healthcare sectors, API providers like Hanko are a far safer, more cost-effective, and smoother way to make the transition away from passwords, 2FA, and authentication apps and toward passwordless online security.