USA TODAY US Edition
Passwords transitioning to portable digital identities
Ask most people what the least favorite part of using their devices is, and you’re bound to get a similar answer: passwords.
Unfortunately, the critical role passwords play makes them a tediously repetitive necessary evil of living in our digitally-powered world.
Imagine a time when they won’t be necessary, yet you can still log into your devices, conduct safe transactions and access your accounts with the kind of security and privacy that the concept of a password is supposed to provide. Imagine doing all those things in an even safer, faster and more convenient way (and without the potential for hacks, break-ins and other security breaches that in 80% of cases are caused by stolen passwords).
As the result of a major agreement between Apple, Google and Microsoft that, ironically, was announced last week on World Password Day, we’re much closer to that vision than you probably realize. These three major device platform vendors agreed to extend the cross-collaboration and use of a technology standard created by an industry organization called the FIDO Alliance that, eventually, will rid us of the need for passwords.
The idea behind the concept is simple. You essentially need to provide a way to prove to your device that you are who you claim to be (that is, you authenticate yourself) and create what I call a portable digital identity. Most of our devices are able to do that with technology such as face scans, fingerprint readers and other mechanisms that don’t involve passwords (though some use PINs). That portable digital identity is converted into a digital key that can open access to your devices, accounts, payment methods, etc.
Up until this agreement, biometric authentication, dual-factor authentication (for which you receive a text code to enter) and other types of password-less (or password-limited) forms of identification and verification have been available on individual devices. What’s been missing is a way to share this portable digital identity across devices, websites and accounts. The news is that the big three tech leaders are working to integrate that consistent approach into their respective devices and platforms.
In other words, by the end of this year, iOS, Android, Windows, MacOS and Chrome devices, along with the major browsers on these platforms, will allow you to “share” this digital identity across them. Practically speaking, that means, for example, that you could log into a website on your Windows PC via your iPhone’s face scan or your Android phone’s fingerprint reader.
For this to work as seamlessly as we would like, websites and other platforms that require logins will need to add support for this FIDO Alliance authentication standard. If they don’t, you’ll still have to do things the oldfashioned way with traditional logins or whatever methods they use. The W3C (World Wide Web Consortium) has talked about FIDO support for many years, so a number of sites already support these digital keys, and after last week’s announcement, many more are likely to do so in the near future.
Even amid the evolution of automatic complex password generators, more sophisticated password managers, the growth of multifactor authentication and other security-oriented mechanisms, password-related issues are still a huge problem. The truth is, it’s virtually impossible for even the most diligent of people to follow all the best practices for password usage. For the rest of us, well, let’s just say that we’re all digital accidents and security breaches waiting to happen. Given the increasing sophistication of hackers and other digital ne’er-do-wells, the concept of even complex passwords is simply broken. That’s why this move toward a FIDO Authentication, password-less, portable digital identity world is so important.
As in many big tech industry announcements and developments, things won’t happen overnight, but the possibility of a password-less digital world looks headed toward reality. I, for one, can’t wait.
Things won’t happen overnight, but the possibility of a password-less digital world looks headed toward reality.