A big bet to kill the password for good

You are probably still not feeling close to that digital unshackling after years of hints that a passwordless future is just around the corner. The FIDO Alliance thinks it has finally identified the missing piece of the puzzle after ten years of working on the issue.

FIDO published a white paper on Thursday that lays out their vision for addressing the issues with passwordless features that have kept them from achieving broad adoption. The paper was produced by members of FIDO, and they span chipmakers like Intel and Qualcomm, prominent platform developers like Amazon and Meta, financial institutions like American Express and Bank of America, and the developers of all major operating systems.

The paper is conceptual, not technical, but after years of investment to integrate what are known as the FIDO2 and WebAuthn passwordless standards into Windows, Android, iOS, and more, everything is now riding on the success of this next step.

Andrew Shikiar, executive director of the FIDO Alliance, says passwords are part of the success of FIDO. Password use should be easier than not using a password.

Advertisement

Even the most seamless passwordless schemes are not there in practice. The enormous inertia passwords are part of the challenge. Passwords are difficult to use and manage, which leads people to reuse them across accounts and creates security issues at every turn. They are the devil you know. It has been difficult to educate consumers about passwordless alternatives.

FIDO is looking to get to the heart of what makes passwordless schemes difficult to navigate. The group has concluded that the procedure for adding or changing devices is all that matters. If the process for setting up a new phone is too complicated, or if you have to fall back to passwords to reestablish your ownership of your accounts, there is no simple way to log in.

The passwordless FIDO standard relies on a device's fingerprints or a master PIN to be used to verify you locally. The main concept that FIDO believes will ultimately solve the new device issue is for operating systems to implement a FIDO credential manager, which is similar to a built-in password manager. Instead of storing passwords, this mechanism will store keys that can be used to sync between devices and be guarded by your device.

At Apple's Worldwide Developer Conference last summer, the company announced its own version of what FIDO is describing, an iCloud feature called "Passkeys in iCloud Keychain."