FIDO alliance or fast ID online alliance is a group of industries aimed at standardizing authentication during online activity. A few days ago the mega alliance tech giants Google, Apple, and Microsoft announced a zero password sign-in method. This announcement makes it clear that the password free sign-in will be introduced later this year. You will be able to sign in to various web accounts without a password.
What is the password free sign-in method?
In the age of the internet, the password free sign-in method is continuing for a long ago. If you use a smartphone these days and you log in to your Gmail on various devices, you will likely see an authentication push notification to verify whether it’s you or not. This type of authentication push notification for the zero password sign-in method. And to verify you could use a pin, pattern, fingerprint, face-lock, etc.
Do we need zero password sign-in?
Passwords do not offer effective security these days, they can be stolen or compromised if the password is not properly protected. According to Verizon’s annual Data Breach Investigations Report, weak passwords are liable for more than 80% of all data breaches. Passwords are the single largest root cause of most attacks including account takeovers, advanced persistent threats, and ransomware. Passwords are still used everywhere despite the issues because they are relatively easy to implement and people know how to use them.
Security teams rely on technologies such as multifactor authentication and password managers to provide additional protection to the security around accounts, platforms, and data. With that many precautions still, these controls have made minimal security gains, mainly because they still rely on passwords and the one-time passwords sent over SMS. The announcement from Google, Microsoft, and Apple indicates that expanded support will be implemented in macOS, Android, and Windows. The actions used to unlock the mobile device such as fingerprint, face scan, and device PIN will give access to the passkey stored on the device. Signing in with the passkey is more secure because it’s based on public-key cryptography.