News & Views
FIDO comments on passwords
The persistent problem with passwords continues. They are expensive to reset, and our tendency to reuse the same ones across services increases the risk of account takeover and brand damage, as seen with recent security incidents at Tesco Clubcard and Boots Advantage.
“It is time to reconcile with the fact that few things are holding data security back more than the ‘shared secret’ model of password-based authentication,” says Andrew Shikiar, executive director of the FIDO Alliance (https://fidoalliance.org).
“Today’s average consumer has dozens of accounts online, with a handful of often recycled passwords ‘protecting’ them. This is an incredibly potent security risk, as the information sitting between hackers and valuable data is stored on centralised databases that can be easily intercepted and then re-used for nefarious means.”
“Luckily, major players across industry sectors are collaborating to revolutionize the way that consumers log in – in favour of more sophisticated approaches, such as multi-factor authentication and biometrics,” continues Shikiar. “This standards-based approach eliminates the need for centrally-stored passwords and centralized management of authentication credentials and instead presents a user-friendly approach to public key cryptography that allows consumers to log in directly through leading browsers, phones and PCs that they already use on a daily basis.”
With high-profile members including Google, Samsung, PayPal and Visa, the FIDO Alliance is a non-profit consortium that addresses the authentication problem by providing convenient and secure logins to web services and mobile apps.