Eight years ago, I wrote about FIDO, a proposal to replace passwords with a secure way of signing onto sites and applications. Of course, anyone can propose a new, better protocol for a security problem but implementing it and getting industry buy-in is the hard part and usually results in the death of the proposal.
Happily, FIDO seems to avoided that fate. Apple, Microsoft, and Google have committed to support the standard and are pledging to roll out implementations this year. If you’re Aunt Millie, you don’t care or understand any of this. All you know is that you’re not going to do anything more complicated than what you’re already doing. The FIDO proposal addresses this by making signing up for and using the FIDO protocol as easy as possible.
With the three major platforms signing onto the FIDO proposal, there’s a good chance that we’ll finally get away from depending on passwords and suffering from all their deficiencies. Doubtless the scammers will find weaknesses and ways to exploit the system but we’ll certainly be better off and the new system should be resilient enough to recover from the scammers’ incursions.
At the very least, we won’t have passwords like password
or 12345678
putting naive users and the rest of us at risk. I hope that by this time next year passwords will be a distant memory.