FIDO standard puts an end to passwords: is it also secure?
Microsoft, Apple and Google are joining forces to let their users log in without a password. With the so-called FIDO standard, your phone works as the only key. Is it really that safe? We explain.
Passwords and their risks
The largest tech companies in the world are working together on a standard that will allow you to log in without a password from next year. It is not surprising that this collaboration between companies such as Apple, Google, Microsoft and Samsung has come about, because companies experience a lot of problems as a result of passwords, the FIDO Alliance explains on its website.
In some cases where users have forgotten their password, help desk agents have to intervene to reactivate the account, which is costly. Furthermore, employees of companies can fall victim to a phishing attack that makes them share their password with malicious parties. The consequences can then be significant and according to research by HYPR, the vast majority of companies have to deal with phishing.
And apart from that, the password isn’t users’ best friend either. We don’t need to tell you that. If you have a password manager you have little to worry about, but remembering all your passwords yourself is another matter. As an Androidworld reader, you may be asked for technical help by family or friends and you may have had problems with people forgetting their password.
How FIDO works
FIDO stands for ‘Fast Identity Online’ and the system was developed by the FIDO Alliance, which consists of the largest tech companies. The idea behind FIDO is that passwords become obsolete and your phone is the key to all your accounts. Whether you want to use those accounts on your PC, your phone or other devices, it doesn’t matter.
The cooperation between tech companies is especially important. From 2023 it will in principle be possible to use your Android phone to access your Microsoft Outlook mailbox on a Mac computer. What a time to be alive, right? FIDO works in two steps.
Register passkey
First, you have to use your iPhone or Android smartphone to create a passkey for a particular service, a short registration. That key is unique to a particular account and it is shared with the online service. You can register in different ways, namely via:
- face church
- A PIN code
- Face recognition
- Voice Recognition
- A security key
Use passkey
You can then use your phone to log in. If you are using a computer, you will first need to scan a QR code. You first choose the correct account and then you use a PIN code or biometric authentication again to confirm that it is you.
Registering keys and logging in
Is FIDO safe?
But can we conclude that the system of passkeys is just as secure as passwords? It’s a lot more secure than the average password and better than the strongest passwords, which are made up of unique codes with numbers, letters, and punctuation marks.
A great asset of FIDO is that your key is stored locally on your device. For example, if there is a security leak tomorrow at a webshop that you use, you do not run the risk that your password is in the hands of hackers. The necessary key to log in is stored on your phone.
In addition, authentication is done completely on the device and your fingerprint, for example, never leaves your smartphone. Your key is also never in plain text when you log in to a website or app; it is always protected by encryption. You can read all about the specifications of FIDO here.
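The register-then-login flow and the breach argument above, as an added example that is not from the article or the FIDO Alliance: a simplified Node.js simulation in which the service stores only a public key and the phone signs a one-time challenge. The origins, function names and the signed byte layout are assumptions for illustration; real WebAuthn signs a richer structure.

```javascript
const crypto = require('node:crypto');

// Bytes that get signed: hash of the site origin plus the service's one-time challenge.
function payload(origin, challenge) {
  return Buffer.concat([crypto.createHash('sha256').update(origin).digest(), challenge]);
}

// Phone: registration creates a key pair for one account at one site.
// The private key stays in `device`; only the public key is returned for the service.
function registerPasskey(device, origin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  device.set(origin, privateKey);
  return publicKey.export({ type: 'spki', format: 'pem' });
}

// Phone: after the local PIN or biometric check (not modelled here), sign the
// challenge for the origin the browser is really on. No passkey for it, no signature.
function signLogin(device, origin, challenge) {
  const privateKey = device.get(origin);
  return privateKey ? crypto.sign('sha256', payload(origin, challenge), privateKey) : null;
}

// Service: check the signature with the stored public key, its own origin
// and the challenge it issued for this attempt.
function verifyLogin(publicKeyPem, ownOrigin, issuedChallenge, signature) {
  if (!signature) return false;
  return crypto.verify('sha256', payload(ownOrigin, issuedChallenge), publicKeyPem, signature);
}

function demo() {
  const SITE = 'https://shop.example';       // constructed origins
  const LOOKALIKE = 'https://shop-example.test';
  const phone = new Map();
  const attacker = new Map();                 // has the leaked public key, not the private key
  const storedOnServer = registerPasskey(phone, SITE);
  registerPasskey(attacker, SITE);            // attacker can only make a key of their own
  const c1 = crypto.randomBytes(32);
  const c2 = crypto.randomBytes(32);
  const sig = signLogin(phone, SITE, c1);
  return {
    genuine: verifyLogin(storedOnServer, SITE, c1, sig),
    replayed: verifyLogin(storedOnServer, SITE, c2, sig),
    forged: verifyLogin(storedOnServer, SITE, c1, signLogin(attacker, SITE, c1)),
    lookalike: verifyLogin(storedOnServer, SITE, c1, signLogin(phone, LOOKALIKE, c1)),
    serverHasPrivateKey: storedOnServer.includes('PRIVATE KEY'),
  };
}

console.log(demo());
```

Only the genuine login verifies: a signature captured from an earlier login, one made with a different key, and a request from a look-alike site are all rejected, and the value the service stores contains no private key.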
What about theft?
Now you might think that keeping all your passkeys on your phone can also be quite risky. In the event of theft, you are protected: the thief cannot use your login method because he does not have your PIN or fingerprint.
In addition, you can remotely lock your phone or delete the data. Your FIDO keys will not be lost, as they are automatically saved in a backup; in the case of Android devices, that is the Google Cloud.
Availability
From 2023 we can use the FIDO standard to log in. A requirement is that websites support the standard and they must adjust their security accordingly. Google has already rolled out the first preparations for Chrome and Android. What do you think of the system? Are you looking forward to using it, or will you stick with a traditional password? Let us know in the comments.