“What is FIDO?” is not the question, FIDO is the answer.
As services and accounts have transitioned from physical services to digital ones, validating someone’s identity has been made harder. Attackers come up with increasingly complex and ingenious ways to dupe online services into thinking an account is being accessed by a valid user. FIDO prevents that. FIDO is a secure means of confirming identity online that is both quick and hassle-free. Legacy authentication methods such as SMS OTPs are knowledge-based and therefore difficult to remember, a hassle to manage, and easy to phish and harvest.
Today, our mobile devices store data and provide access to important services – this makes safeguarding such devices and services more important than ever. Around 61% of all data breaches involve stolen or hijacked credentials, often due to poor password security, which is unsurprising when a survey from NordPass revealed that a shocking 63% of their respondents admitted to reusing passwords across multiple accounts.
Each of these password related difficulties presents an opportunity for an attacker to exploit. This could, ultimately, result in a damaging and costly breach with a potentially devastating impact.
When thinking about online security, we must also think about productivity. If a solution is so secure that it impedes on ease-of-use and productivity, employees won’t use it, making them even more vulnerable. FIDO allows employees to secure their accounts with a robust series of security measures, without hampering their day-to-day productivity.
How Does FIDO Work?
FIDO (or Fast IDentity Online) is based on free, open standard developed by the FIDO Alliance. It’s a protocol that uses public key cryptography to provide secure authentication without relying on passwords or one-time passcodes.
When registering for an online service, the user’s device creates a new, unique key pair (one public and one private), retaining the private key and registering the public key with the online service. From this point on, every time you attempt to log in, make a transaction, or exchange data with a service, your public key will securely authenticate you by confirming that you are the owner of the private key. As every key pairing is unique, this solution proves that you are who you say you are.
Users will use a FIDO device – a hardware key that looks much like a USB drive. Many of these devices will have additional security features like facial recognition, or fingerprint that will allow users to unlock the device. The service interacts with the authenticator via APIs to verify the identity of the user accurately and securely.
FIDO protocols are designed to protect user privacy. All communications are encrypted, and private keys remain on the user’s device, thereby decreasing the chance of a malicious actor being able to steal the details. Any biometric information used for authentication purposes is also stored on users’ devices, adding to the authentication processes’ strength and security.
What Is The FIDO Alliance?
The FIDO Alliance is an open industry association that was launched in February 2013, with the goal of developing and promoting authentication standards that move away from passwords and insecure security settings. They saw the overreliance on passwords as a risk and an opportunity for innovation.
Their mission is to develop technical specifications that define an open, scalable, interoperable set of mechanisms which work to reduce that password reliance. They also operate industry certification programs to help facilitate worldwide adoption of the specifications.
The FIDO Alliance has over 250 members, including notable global tech leaders across enterprise, telecon, payments, healthcare, and government. Leading companies with board level membership include Google, Microsoft, Apple, Facebook, Amazon, American Express, Mastercard, PayPal, VISA, and OneSpan.
Benefits Of FIDO Authentication
The core function of FIDO authentication is to improve the level of security associated with verifying an account. FIDO cannot be easily intercepted (unlike one-time passcodes) or easily cracked (unlike password which lack complexity or have been reused). The benefits do not end there – additional benefits include:
FIDO lets users unlock their account using biometric factors like fingerprints, facial recognition, or at the press of a button. Each of these options is significantly simpler and more efficient than having to memorize or manage passwords. There is also no need for users to install additional applications or software on mobile apps to facilitate the authentication.
There are hidden cost associated with passwords that most people probably wouldn’t think of, including secure password resets that often require some kind of authorization or assistance. The process of resetting passwords takes time. Although it might not seem like much, it has a value, and it adds up. When an organization requires an admin to authorize a password reset, one person’s password issue becomes multiple people’s problem.
The private keys will remain on the user’s device which makes it much harder for hackers to gain any of this data. They would need to access your device, which requires them to overcome an additional range of security measures.
Widespread Use And Support
FIDO is widely recognized as a secure and effective solution. It has, therefore, been adopted by a host of companies and services, meaning that you are unlikely to face compatibility issues or find services that don’t recognize FIDO.
Drawbacks Of FIDO Authentication
While there are many benefits to adopting this technology than there are downsides, it is worth considering the following cons, which include:
FIDO authentication brings the opportunitiy to reduce costs (via preventing time wasting password resets and financially devastating breaches), although there are additional expenses to consider. There is a cost associated with purchasing each individual key. FIDO keys range in price, with the more secure devices costing tens of dollars. While this cost may not be significant, across a whole organization it quickly adds up. This cost is mitigated slightly due to the fact that one token can store multiple keys for various apps and websites.
It’s An Extra Step
The cost of improving security can be a reduction in ease of use and a less streamlined experience. Although the FIDO Alliance have tried to reduce the impact of authentication as much as possible, it does still entail an additional step to verify an account. If users have to authenticate themselves multiple times each day, or each time they access a different application, productivity could take a knock.
Replacing password with FIDO-supported authentications leads to significant improvements for security by minimizing the risk of account compromise. This is achieved by enforcing phishing resistant two-factor authentication as seamlessly as is currently possible. This removes the risks that come along with weak or reused passwords and, instead, utilizes biometric factors. Ultimately, this reduces the window of opportunity that attackers must compromise your accounts.
FIDO Authentication is a relatively new technology that is being adopted remarkably quickly. As FIDO offers much higher levels of security than traditional authentication methods, it is an important step to consider implementing for the safety and security of your organization’s important data.
You can read our guide on the Top 11 FIDO Authentication Solutions to find out more about the solutions that are on the market and who they are most suited for.