UK To Invest In FIDO-Based Passwordless Systems To Improve Security
I just read the above article on Tom’s Hardware (a self-proclaimed authority on tech).
What is FIDO?
If you haven’t heard about the new FIDO security standard, you can find detailed information on the FIDO Alliance dot org website. FIDO stands for Fast IDentity Online. The FIDO Alliance has many large e-commerce companies, credit card companies, banks and 400+ other members pushing it forward. This is the new, stronger way to protect your online and mobile accounts and transactions. In summary, FIDO makes it easy for consumers to step up security on the typical username and password method. You can eliminate passwords with the right combination of biometrics and FIDO keys.
Biometrics Still Need a Second Factor
A common misconception about biometrics is that they are used alone. A biometric by itself is still just a single factor. By definition, strong authentication must have two out of three factors: 1) what you know (username/password), 2) what you have (token, one-time key) or 3) what you are (biometric).
Thus, when you have a biometric plus a PIN or password, or a biometric plus a token, that is two factors. If the hackers get your fingerprint, they will not have the other factor.
The point of the article is that the UK is adopting the new FIDO security standard, which includes Universal 2nd Factor (U2F) and makes it easy for consumers to add a second factor to their username and password. This results in What You Know plus What You Have (token) or What You Are (biometric).
SurePassID Provides What You Need
We (SurePassID) have a FIDO-certified authentication server that can quickly enable any website or mobile app to accept FIDO keys. That’s the server side. On the user side, a user can find a FIDO key on Amazon or use the FIDO key they may already have.
We also offer additional choices to enable mobile users to use what they have (mobile phone with TouchID) plus our exclusive Virtual Mobile FIDO Key. That key can only be released if the fingerprint matches on the phone. Thus, no password is necessary because the two factors are biometric (TouchID built into the phone) plus our Virtual Mobile FIDO Key.
The important takeaway here is that FIDO supports strong authentication and a “bring your own security” model. This should make businesses, banks and government services happy, since they don’t have to support tokens, which is a help desk cost and hassle. If you lose your FIDO key, you can have a temporary code sent to your mobile phone. Or you can use a back-up FIDO key (you can have as many as you like). Then simply order another FIDO key from Amazon and register it to your account.
Please reach out to SurePassID if you want more information or want to pilot a FIDO solution for free.