How the FIDO Alliance is solving today's password crisis

How secure is your password? Most likely, not secure enough.

With the latest leak of passwords stolen from 117 million LinkedIn users, even Mark Zuckerberg was found to be using a simple password — “dadada” — across at least two social media sites.

The high-profile reveal demonstrates that most of us should practice better password security. Security experts advise users to create passwords of eight characters or longer with a variety of letters, symbols, and numbers. Additionally, users are encouraged to use a different password for every online account, so that one stolen password does not compromise multiple accounts.

So why, despite highly publicized password thefts and best practices for password protection, do most of the general population — and even a billionaire CEO — choose not to change their ways? The answer is simple: They don’t like the user experience.

Increased Number of Online Accounts Means More Passwords

According to Dashlane, an online password management tool, the average U.S. Internet user has 130 accounts, which means having 130 different passwords. Keeping track of that many passwords is not a simple feat, unless you have a photographic memory. So it’s understandable why many users revert to easy-to-remember passwords — “password” is a popular one — and reuse them across multiple accounts.

For companies making significant investments to safeguard their data, employee and customer reuse of passwords and use of simple passwords creates significant risk.

In response, some companies have added “two-factor authentication” or “two-step verification” — typically a one-time passcode (OTP) sent to a mobile device — to their websites and mobile applications. Unfortunately, the extra step in the process creates a slower, less enjoyable user experience.

So what’s next?

FIDO Offers Next-Generation Mobile Security

To address the issues that users face creating and remembering multiple usernames and passwords, the FIDO Alliance was formed and officially launched in 2013. With founding companies including Nok Nok Labs, PayPal, and Lenovo, this industry consortium focuses on developing technical specifications for using biometrics rather than passwords for identifying online users.

Since the early 1980s, biometric systems of identification and authentication using voice, fingerprint, or iris scan have been used for guarding mainframe access or restricting physical entry to high-security areas. Today, biometric technology enables convenient, reliable, and secure access to websites, mobile apps, and corporate databases using biometric data that a user cannot forget.

Support for Biometrics Growing

According to Gartner Research, by 2020 new biometric methods will displace passwords and fingerprints for access to end-point devices across 80 percent of the market. This projected growth is heavily dependent on availability from solution providers such as Samsung SDS, which offers a FIDO biometric solution for Samsung and Apple devices.

Is your company prepared to offer your customers and employees biometric authentication?

Image Source: GCN

Shankar Saibabu

Shankar Saibabu is the lead Solutions Architect and FIDO Standard Specialist for the Financial Services Team at Samsung SDS America. Shankar has varied experience with software solutions and services in regulated industries, including the healthcare industry.