The board members of the FIDO Alliance include Amazon, Google, PayPal, RSA, Apple, Microsoft, Intel and Arm. Their mission is to reduce “over-reliance on passwords”.
Today Wired reports that the group believes it has “finally found the missing piece of the puzzle” to achieve large-scale adoption of a technology that replaces passwords.
On Thursday, the organization published a white paper (PDF) describing FIDO's vision for resolving the usability issues that arise in passwordless features and have apparently prevented widespread adoption.
The white paper is conceptual, not technical, but it comes after years of investment in integrating the well-known passwordless standards FIDO2 and WebAuthn into operating systems such as Windows, Android, iOS and more, all leading up to the success of the next step…
FIDO is trying to get to the heart of the problem that makes passwordless systems difficult to use. The group concluded that everything comes down to the process of changing or adding devices. If the process of setting up a new phone, say, is very complicated and there is no easy way to connect it to all the applications and accounts already in use, or if some passwords still need to be used at the same time, then most users conclude that the change is not worth it.
The passwordless FIDO standard already relies on a device's biometric scanners (or a master PIN of your choice) to authenticate you locally, without any of your data traveling over the Internet to a web server for authentication.
The main idea of FIDO, which is believed to eventually solve the problem of new devices, is for all operating systems to implement a "FIDO" credential manager, which will be somewhat similar to a built-in password manager.
Instead of storing passwords literally, the mechanism will store cryptographic keys, which can be synced between devices and will be protected by a biometric lock or a single password lock. At Apple's Worldwide Developers Conference last summer, the company announced its own version of the mechanism described by FIDO, an iCloud feature known as “Passkeys in iCloud Keychain”, which, according to Apple, is its “contribution to a world without passwords”.
The FIDO white paper also includes another item, a proposed addition to the specification that would allow one of your existing devices, such as your computer, to act as a hardware token, similar to standalone Bluetooth authentication dongles, and provide physical authentication via Bluetooth.
The idea is that the method will be essentially phish-proof, as Bluetooth is a proximity-based protocol and can be a useful tool for developing different password-free schemes.
For FIDO, the biggest priority is a change in the current account security model that will make phishing a thing of the past…
Of course, such a change will not happen overnight. If you just think about how hard it has been for some people to leave Windows XP behind, the road will be painful.