Data breaches and cyberattacks are often the result of weak or stolen passwords. Developing an authentication system that doesn’t involve passwords will be the key to more secure systems. The FIDO Alliance is one organization trying to eliminate the need for passwords in favor of biometric logins, in order to make ransomware attacks and widespread hacking more difficult.
According to Andrew Shikiar, co-executive director of the FIDO Alliance, with FIDO’s unique specifications, biometric identification will be stored directly on a physical device rather than on a server, like most passwords currently are. By eliminating the use of a centralized system, FIDO’s specifications prevent hackers from being able to steal or manipulate user data.
Every time a user creates a biometric password using FIDO’s specifications, a unique key pair is created. The private key is housed on the user’s device while the public key, which holds no material value, sits on a server to replace a physical password, Shikiar explained.
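The key-pair arrangement described above can be sketched as a challenge-response login; this is an added example, not FIDO Alliance code and not the WebAuthn API. The `createAuthenticator` and `createServer` helpers, the P-256 curve choice and the way the origin is mixed into the signed data are simplifying assumptions made for illustration.

```javascript
// Added illustration: simplified model of FIDO-style registration and login.
// All names are hypothetical; a real deployment uses the WebAuthn browser API.
const crypto = require('node:crypto');

// Device side: holds the private keys. In a real authenticator the biometric
// check only unlocks local use of the key; nothing biometric is transmitted.
function createAuthenticator() {
  const keys = new Map(); // site origin -> private key (never exported)
  return {
    register(origin) {
      const { publicKey, privateKey } =
        crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
      keys.set(origin, privateKey);
      // Only the public half is handed to the server.
      return publicKey.export({ type: 'spki', format: 'pem' });
    },
    sign(origin, challenge) {
      const key = keys.get(origin);
      if (!key) throw new Error('no credential for ' + origin);
      // Sign origin + challenge so the result is useless on another site.
      return crypto.sign('sha256', Buffer.concat([Buffer.from(origin), challenge]), key);
    },
  };
}

// Server side: stores public keys only and issues single-use challenges.
function createServer(origin) {
  const publicKeys = new Map(); // user -> PEM public key
  const pending = new Map();    // user -> outstanding challenge
  return {
    publicKeys,
    enroll(user, pem) { publicKeys.set(user, pem); },
    challenge(user) {
      const c = crypto.randomBytes(32);
      pending.set(user, c);
      return c;
    },
    verify(user, signature) {
      const c = pending.get(user);
      pending.delete(user); // consumed: a captured signature cannot be replayed
      const pem = publicKeys.get(user);
      if (!c || !pem) return false;
      return crypto.verify('sha256', Buffer.concat([Buffer.from(origin), c]), pem, signature);
    },
  };
}
```

A copy of the server's `publicKeys` map lets its holder verify signatures but not produce them, which is why a breach of that store does not yield a reusable login secret.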
Shikiar and his team have created new UX guidelines that aim to help users easily shift away from password-based logins and transition to biometrics. According to Shikiar, he and his team launched a task force of design leads, UI leads, and UX leads to create a testing site for servers, clients and authenticators adhering to FIDO2 specifications.
These new guidelines look at desktop authentication and provide a step-by-step process to assist in successful and widespread implementation of FIDO’s specifications on multiple platforms. The UX guidelines also seek out data-driven guidance to determine the method that will most often result in a positive outcome.
While FIDO-based systems are becoming more popular, Shikiar attributes the lack of universal adoption to a lack of widespread education as well as other compatibility issues that have been roadblocks in the past. He and his team have since smoothed out any major issues with the use of a public API that allows any web developer to properly implement FIDO specifications in their systems.
According to Shikiar, passwords are a soft spot that hackers can exploit and FIDO’s method along with their new UX guidelines will help to store important data more securely in the future.