Passwords. They’ve always been an IT problem, but the problem is becoming exceptionally serious as organizations strive to support a rapidly growing mobile workforce that uses ever-increasing numbers of devices and consumes more and more applications from external cloud platforms. Passwords are:
- Easily forgotten and easy to guess.
- Used across multiple devices and locations resulting in an expanded attack surface.
- A significant expense and drain on IT resources.
- Difficult to enter on mobile devices.
Multi-factor authentication (MFA) helps improve security, but typically results in a less-than-ideal user experience. It’s common for MFA to be deployed only to privileged access accounts, and much less often to the general employee, contractor, or temp-worker base.
Enter the Fast Identity Online (FIDO) Alliance. It’s the world’s largest ecosystem for standards-based interoperable authentication, and was formed to help solve the world’s password problem. FIDO Alliance board members include corporations such as Bank of America, Google, Intel, Lenovo, PayPal, Qualcomm, and RSA, to name a few.
Being FIDO 2.0 compliant means:
- The technology is based on public key cryptography, and works with devices that people use every day.
- Biometrics and keys never leave the device.
- The technology provides increased security, protecting against phishing, man-in-the-middle, and replay attacks.
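
The three properties above can be seen in a simplified challenge-response model. This is an added example, not FIDO Alliance code and not the actual FIDO message format; the class names, origins and result strings are hypothetical, and the scenario is constructed.

```javascript
const nodeCrypto = require('crypto');

// Simplified authenticator: one key pair per origin, private keys stay in this object.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey; // only the public half leaves the device
  }
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no credential exists for this origin
    const clientData = JSON.stringify({ origin, challenge }); // origin is bound into the signed data
    return { clientData, signature: nodeCrypto.sign('sha256', Buffer.from(clientData), key) };
  }
}

// Simplified relying party: holds the public key and the outstanding one-time challenges.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.publicKey = null; this.pending = new Set(); }
  newChallenge() {
    const c = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.add(c);
    return c;
  }
  verify(assertion) {
    if (!assertion) return 'no-assertion';
    const { origin, challenge } = JSON.parse(assertion.clientData);
    if (origin !== this.origin) return 'wrong-origin';              // signed for another site
    if (!this.pending.delete(challenge)) return 'stale-challenge';  // unknown or already used
    const ok = nodeCrypto.verify('sha256', Buffer.from(assertion.clientData), this.publicKey, assertion.signature);
    return ok ? 'ok' : 'bad-signature';
  }
}

// Constructed scenario: a normal login, a replayed assertion, and two look-alike origins.
function demo() {
  const device = new Authenticator();
  const rp = new RelyingParty('https://bank.example');
  rp.publicKey = device.register(rp.origin);
  const first = device.sign(rp.origin, rp.newChallenge());
  const login = rp.verify(first);
  const replay = rp.verify(first); // same assertion presented a second time
  device.register('https://bank-login.example'); // look-alike site with its own credential
  const lookalike = rp.verify(device.sign('https://bank-login.example', rp.newChallenge()));
  const unregistered = rp.verify(device.sign('https://bank.example.test', rp.newChallenge()));
  return { login, replay, lookalike, unregistered };
}
```

Because the server stores only a public key and accepts each challenge once, a captured assertion is useless afterwards, and a signature produced for a different origin never verifies as a login for the real one.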
This year, 2018, is the year the world will start shifting away from authentication methods currently used in business. The FIDO Alliance is seeing success as new solutions are emerging from Bank of America, ING, and PayPal, and from enterprise application companies like Salesforce and Dropbox.
Eliminating passwords combined with the power to produce strong authentication presents an ideal opportunity for IT vendors, which have traditionally owned the initial authentication process. These vendors include Microsoft, which has owned Active Directory for many years; Google as it starts getting very sticky inside of enterprises; and Amazon as companies choose AWS services as the de facto choice for new applications.
This year you can expect to see the expanded security perimeter drive away traditional authentication methods in a number of companies, and accelerate the elimination of passwords. While most technology shifts in IT take years to evolve, the shift away from passwords has the opportunity to happen swiftly since it’s fueled by ongoing security risks, loss of application control, and burgeoning numbers of employees changing the way they work across devices and networks. I can’t think of a single person who will be disappointed to get rid of passwords, or a single company that wouldn’t want to embrace a stronger means of authentication. Stay tuned!