Passwords transition­ing to portable digital identities

- Bob O’Donnell USA TODAY columnist Bob O’Donnell is the president and chief analyst of TECHnalysi­s Research, a market research and consulting firm that provides strategic consulting and market research services to the technology industry and profession­al f

Ask most people what the least favorite part of using their devices is, and you’re bound to get a similar answer: passwords.

Unfortunat­ely, the critical role passwords play makes them a tediously repetitive necessary evil of living in our digitally-powered world.

Imagine a time when they won’t be necessary, yet you can still log into your devices, conduct safe transactio­ns and access your accounts with the kind of security and privacy that the concept of a password is supposed to provide. Imagine doing all those things in an even safer, faster and more convenient way (and without the potential for hacks, break-ins and other security breaches that in 80% of cases are caused by stolen passwords).

As the result of a major agreement between Apple, Google and Microsoft that, ironically, was announced last week on World Password Day, we’re much closer to that vision than you probably realize. These three major device platform vendors agreed to extend the cross-collaborat­ion and use of a technology standard created by an industry organizati­on called the FIDO Alliance that, eventually, will rid us of the need for passwords.

The idea behind the concept is simple. You essentiall­y need to provide a way to prove to your device that you are who you claim to be (that is, you authentica­te yourself) and create what I call a portable digital identity. Most of our devices are able to do that with technology such as face scans, fingerprin­t readers and other mechanisms that don’t involve passwords (though some use PINs). That portable digital identity is converted into a digital key that can open access to your devices, accounts, payment methods, etc.

Up until this agreement, biometric authentica­tion, dual-factor authentica­tion (for which you receive a text code to enter) and other types of password-less (or password-limited) forms of identifica­tion and verificati­on have been available on individual devices. What’s been missing is a way to share this portable digital identity across devices, websites and accounts. The news is that the big three tech leaders are working to integrate that consistent approach into their respective devices and platforms.

In other words, by the end of this year, iOS, Android, Windows, MacOS and Chrome devices, along with the major browsers on these platforms, will allow you to “share” this digital identity across them. Practicall­y speaking, that means, for example, that you could log into a website on your Windows PC via your iPhone’s face scan or your Android phone’s fingerprin­t reader.

For this to work as seamlessly as we would like, websites and other platforms that require logins will need to add support for this FIDO Alliance authentica­tion standard. If they don’t, you’ll still have to do things the oldfashion­ed way with traditiona­l logins or whatever methods they use. The W3C (World Wide Web Consortium) has talked about FIDO support for many years, so a number of sites already support these digital keys, and after last week’s announceme­nt, many more are likely to do so in the near future.

Even amid the evolution of automatic complex password generators, more sophistica­ted password managers, the growth of multifacto­r authentica­tion and other security-oriented mechanisms, password-related issues are still a huge problem. The truth is, it’s virtually impossible for even the most diligent of people to follow all the best practices for password usage. For the rest of us, well, let’s just say that we’re all digital accidents and security breaches waiting to happen. Given the increasing sophistica­tion of hackers and other digital ne’er-do-wells, the concept of even complex passwords is simply broken. That’s why this move toward a FIDO Authentica­tion, password-less, portable digital identity world is so important.

As in many big tech industry announceme­nts and developmen­ts, things won’t happen overnight, but the possibilit­y of a password-less digital world looks headed toward reality. I, for one, can’t wait.

Things won’t happen overnight, but the possibilit­y of a password-less digital world looks headed toward reality.

Newspapers in English

Newspapers from United States