No one hates passwords more than I do and it seems like I’m asked to register for a new site each day. For those of us in the know, this situation of “password sprawl” is even more frustrating because we really should have solved this problem years ago. After all, Whit Diffie, Marty Hellman, and the RSA guys first came up with PKI back in the 1970s so you’d think that passwords would be dead and strong authentication would be ubiquitous by now!
Thankfully, there may be hope on the horizon in the form of the FIDO alliance. The group, composed on a who’s who of industry big shots like ARM, Bank of America, Discover Card, Google, Lenovo, MasterCard, Microsoft, PayPal, RSA, Samsung, and VISA, is “developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance of passwords to authenticate users.” In other words, FIDO wants to introduce “trusted convenience” by making strong authentication easy to deploy and easy to use on the front-end (i.e., for users) and back-end (i.e., for IT).