This week in Berlin at the ISSE conference, a debate took place between member organisations of the FIDO Alliance. As Authlogics is very interested in this initiative, we were keen to hear what developments are being made in our crusade to free society from passwords.
“Passwords are not the answer,” says Malte Kahrs, CEO of MTRIX.
Two of the key inhibitors that stand in the way of replacing passwords are complexity and apathy. Today, many security professionals are adding layers (factors) of complexity to try to make their organisations, customers and users (the entire supply chain) more secure, while others are burying their heads in the sand. However, the lack of a standard means everyone is working independently to solve the same problem, and as a result we authenticate in many different ways depending on the service we are using.
Sandro Gianella, who works at Google in Germany, says: “If you look at the big issues, passwords is the number one that we need to deal with. We need to move away from passwords and find a solution people can rally around. To do that we need to work together.” This is where FIDO steps up to take on the challenge.
For those of you not familiar with FIDO (Fast IDentity Online), it was formed in 2013 and Authlogics announced itself as an associate member in July 2014. Its mission is to deliver simpler, stronger authentication. In order to achieve this, FIDO believes that you need to give people choice with regard to how they wish to authenticate themselves online. In this short time, FIDO has attracted more than 200 member organisations to its cause, most notably Google and Microsoft.
“FIDO is a great coming together of thinking and mindsets,” says Michael Kranawetter from Microsoft. He encourages organisations to think carefully from the user perspective, placing ease-of-use at the forefront: “The user experience needs to be very easy.”
Only as more and more authentication solutions are developed to be FIDO certified, adopted commercially and accepted by the user community will the market reach critical mass, so that passwords finally no longer blight our lives. Gianella says that there is a need to engage with more than just the techie community, and this is something Authlogics has been advocating for some time.
However, as Bernd Kowalski from the Federal Office for Information Security in Germany stresses, the usability of the authenticator is key, as are technical integration and, of course, cost. “Tokens are expensive, whilst passwords are low cost.” Here at Authlogics we are seeing a concerted drive away from traditional hard-tokens in sectors such as financial services, healthcare and legal.
From our perspective, FIDO is a great movement, but the truth of the matter is there is still much to be done. The onus is on those of us working within the industry to educate organisations on the commercial and operational merits of password-free authentication and help them make the transition as easy as possible.
There are huge organisations such as Google and PayPal forging ahead, but FIDO will not realise its ambition if smaller enterprises do not play their part. With solutions such as Authlogics, there are technologies currently on the market that have been developed, launched, adopted and proven to meet Kowalski’s three main criteria. So, why wait to unshackle yourself from passwords?