The FIDO Alliance is no fan of passwords, but it did have much to celebrate on the occasion of this year’s World Password Day.
Writing on the organization’s website, FIDO Alliance Executive Director Brett McDowell noted that World Password Day was in fact founded by a FIDO Board member, Intel. But that was seven years ago, and “much has changed” since then. In today’s digital environment, passwords do not offer sufficient security, and for that reason, McDowell wrote, “I applaud World Password Day’s commendable focus on multi-factor authentication this year.” There is a growing recognition that while passwords on their own offer only a false sense of security, together with additional authentication factors such as biometric scans or USB keys, they can be part of an effective security framework.
FIDO, of course, wants to get rid of passwords entirely, and the organization recently unveiled its latest effort to do just that. Its new FIDO2 standards are designed to allow PC and laptop users to leverage security keys and even the fingerprint sensors of their smartphones for online authentication – not as additional factors, but as full password replacements. They don’t even need external devices; they could use their computer cameras to sign in via facial recognition. And soon users will be able to take advantage of these mechanisms directly through web browsers, allowing them to sign into their usual online services without having to remember complex passwords that could potentially be stolen.
As McDowell wrote, “the humble password has outlived its efficacy”. It’s time for World Password Day to mark its historic end.