Apple Is the Newest Member of the FIDO Alliance
You might think that there is an obvious reason for our continuous reliance on passwords. You probably assume that we still use them because we have yet to develop an alternative that is reliable and more secure than what we already have. This is not strictly the case, though.
The FIDO Alliance is an association of IT and financial companies that was formed in 2013 with the idea of developing a strong authentication mechanism that doesn't rely on passwords. FIDO is short for First Identity Online, and it's also the name of the authentication protocol the conglomerate of IT giants has created.
You can implement FIDO in a variety of different ways, but what sets it apart from the traditional login methods is that authentication is dependent on public-key cryptography rather than a password. The protocol has been around for a while now, and its advantages from a security standpoint have been proven beyond all doubt. The adoption rates, however, are dismal.
The number of people who use FIDO for authentication every day is still not as significant as it should be, and while this is partly due to the fact that most users aren't even aware of the protocol's existence, it probably has more to do with the fact that FIDO isn't yet supported by all popular software platforms.
According to ZDNet, however, Apple has recently made steps towards becoming a part of the FIDO Alliance, which means that this might be about to change. Before we get too excited, let's see why we need to adopt the FIDO protocol and what Apple's involvement might mean.
Why we hate passwords
Everybody should be familiar with the security shortcomings of the traditional authentication mechanism by now. Users create weak passwords and reuse them at almost every online service they sign up for. Even a strong password is susceptible to improper storage and exposure, and although two-factor authentication can help, many users don't bother with it, which isn't really surprising considering the implementation mistakes service providers make sometimes.
Security experts have been calling for the death of the password for years now, and initiatives like FIDO show that Silicon Valley is listening. So far, Apple has been staying away from the whole movement, but it appears that it too has realized that this is the right way forward. Let's see how this will affect the online landscape, though.
How will Apple's involvement with FIDO shape the future of authentication?
It's certainly going to help. Apple's ecosystem is enormous, and its reluctance to fully embrace FIDO has certainly stopped many service providers from implementing the protocol. Now, they are bound to be less reluctant to introduce new FIDO-based authentication methods. Whether this will be enough, however, is a different matter.
As we mentioned already, there are countless ways of implementing FIDO in an authentication system. Some involve biometrics, others rely on additional hardware, and others still revolve around simple four-digit PINs. This whole variety may be extremely confusing for many people, and the fact that different devices will inevitably support different authentication mechanisms is bound to cause even more trouble.
Trouble is the last thing service providers want. People won't adopt systems that are complex or difficult to use. If they are to start using FIDO with the same frequency with which they use passwords, they need to be assured that the new system is not just more secure, but also easier to use, and the fact of the matter is, at this point, service providers are just not sure if this is the case.
Even if we iron out all the issues and everyone decides that we all need to move to FIDO-based authentication, the transition will be long and painful. Apple's involvement is a step in the right direction, but it's still unknown how much influence the iPhone maker can have over the global state of affairs, and there are other concerns that need to be addressed. So, the password, for all its disadvantages, isn't going anywhere for the time being.