Leave Passwords Behind: It’s FIDO Time


Passwords stink, to put it mildly. The technology behind them is decades old. According to Brett McDowell, Executive Director of the FIDO Alliance, “over time, market forces will make the password less and less interesting, less viable, and less effective.” And as recently as 2019, Verizon reported that 80% of hacking-related breaches involved compromised or weak log-in credentials.

Hackers have only become more sophisticated. They scour the dark web to obtain and distribute passwords, answers to secret questions, and other sensitive information.

If your organization still relies primarily on passwords for cybersecurity, it’s time to seriously consider shaking things up.

Fast Identity Online, or FIDO, all but eliminates the need for passwords, making it the cybersecurity model for the future. Leaders like Google, PayPal, Microsoft, Intel, Apple, and Visa have all turned to FIDO for authentication that reduces their cyber risk and increases productivity.

Here are a few reasons why you should join them.

FIDO gives you strength

From an organizational perspective, and as I pointed out in a previous article on this subject, FIDO overhauls the login process by standardizing hardware and software implementations for stronger two-factor authentication. It replaces password entry with cryptographic login credentials that are unique across every website, never leave the user’s device, and aren’t stored on a server—making them resistant to phishing and man-in-the-middle attacks.

FIDO supports nearly any type of additional authentication protections, including biometrics, one-time passwords, trusted platform modules, USB security tokens, near-field communication, and Bluetooth.
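The phishing resistance described above comes from each login signature being bound to the site the browser is actually talking to. The Node.js sketch below is an added example, not code from this article or from the FIDO Alliance: it simulates the authenticator with a constructed key pair, uses constructed domains (login.example.com, login.example-phish.test), and its function names are hypothetical.

```javascript
// Added example: simulated WebAuthn (FIDO2) assertion check. All names and values are constructed.
const nodeCrypto = require('crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Registration: the authenticator creates a key pair for this one site.
// Only the public key goes to the server; the private key stays on the device.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Stand-in for browser + authenticator: the signature covers the RP ID hash
// and the origin the browser really saw, not what the page claims to be.
function signAssertion(challenge, origin, rpId, counter) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = Buffer.alloc(37);       // rpIdHash(32) | flags(1) | signCount(4)
  sha256(rpId).copy(authData, 0);
  authData[32] = 0x01;                     // UP flag: user present
  authData.writeUInt32BE(counter, 33);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: nodeCrypto.sign('sha256', signed, privateKey) };
}

// Relying-party side: returns 'ok' or the first check that failed.
function verifyAssertion(a, expected) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== expected.origin) return 'origin mismatch';
  if (a.authData.length < 37) return 'short authenticator data';
  if (!a.authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpId mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  if (!nodeCrypto.verify('sha256', signed, expected.publicKey, a.signature)) return 'bad signature';
  const count = a.authData.readUInt32BE(33);
  if ((count || expected.storedCounter) && count <= expected.storedCounter) return 'counter did not increase';
  return 'ok';
}

// One login on the real site, and one relayed through a look-alike origin.
function demo() {
  const challenge = nodeCrypto.randomBytes(32);
  const expected = { challenge, origin: 'https://login.example.com',
                     rpId: 'login.example.com', publicKey, storedCounter: 5 };
  const phish = 'login.example-phish.test';
  return {
    genuine: verifyAssertion(signAssertion(challenge, expected.origin, expected.rpId, 6), expected),
    phished: verifyAssertion(signAssertion(challenge, 'https://' + phish, phish, 6), expected),
  };
}
console.log(demo());
```

A real authenticator would not even hold a credential for the look-alike domain; the simulation signs anyway so the server-side rejection is visible.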

Benefits reach all parts of the organization  

From the C-suite on down, FIDO offers overwhelming advantages over passwords, such as:

  • Improved security posture. FIDO allows organizations to manage risk more effectively, reduce the likelihood of breaches and account takeover fraud, and eliminate security problems that stem from weak or repeated passwords.
  • Better user experience. FIDO enables secure access across a number of apps with just one action. It also streamlines onboarding through apps such as Microsoft Hello, which provide instant access through biometrics or a PIN unique to each device. It combines with single sign-on platforms like Okta for even more painless user experiences.
  • Greater compliance. FIDO authentication standards comply with security requirements in numerous regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the European Union Payment Services Directive (PSD2).
  • Reduced long-term costs. Organizations can save money over time with FIDO through lower development and maintenance costs, little or no provisioning costs, lower password reset costs, faster time to market and, most important, fewer costly breaches.

FIDO fits your needs   

Just about any organization can bring FIDO into the fold. The interoperable technology aligns to existing products and applications. Google Chrome, Microsoft Edge, and Apple Safari support FIDO specifications, as do Windows 10 and Android platforms.

Stratascale helps organizations across industries navigate a seamless FIDO transition process by building a migration path. The first step is helping to generate buy-in throughout the enterprise by communicating FIDO’s benefits: no password resets, stronger protection, no account logouts, fewer IT support calls, and more.

Because FIDO is vendor-independent, hundreds of options can provide interoperability. That said, each organization has different needs around usability, availability, and security, so some products will fit like a glove while others will be a total mismatch. The Stratascale team can help you find the right solution for your app library by identifying which apps are FIDO-compatible and building a strategy to support those that aren’t.

FIDO standards do require some planning of different scenarios for continuity. But they offer a new future for streamlined and user-friendly cybersecurity. They’re beginning to cross the chasm into the mainstream: more and more tech giants, vendors, governments, and customers are adopting FIDO.

If you’re in the market for a cybersecurity solution that reduces your attack surface and provides a smoother user experience—all with little to no passwords—give serious thought to a future with FIDO.

For more information about FIDO and its capabilities, check out the FIDO Alliance website.