Passwordless Sign-in, what is it and how does it work

Passwords have come a long way in the history of computing. In the beginning the password was a revered technology; however, nothing in technology stays constant, and it keeps improving as vulnerabilities become obvious over time. The password is now receiving a lot of finger-pointing, with calls to rethink authentication as we know it.

There have been several attempts to reform passwords, beginning with the use of the Trusted Platform Module (TPM) and two-factor authentication, which requires a password and a second code delivered through an additional communication channel owned by the password owner (usually a mobile number that receives a text message or voice call, or an email address that receives the secret code in the user's mailbox). This proposal has faced a lot of opposition, mostly on the argument that message delivery is unreliable and that no foolproof delivery exists for reliable authentication. In the midst of these conversations, an alliance was formed that came to be known as the FIDO Alliance. Since the article "WebAuthn now official standard", FIDO has made more launches onto consumer platforms.

What is the FIDO Alliance

The FIDO (Fast IDentity Online) Alliance is an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that “help reduce the world’s over-reliance on passwords”. FIDO addresses the lack of interoperability among devices that use strong authentication and reduces the problems users face with creating and remembering multiple usernames and passwords.

The alliance started off in 2009 when Validity Sensors (a provider of fingerprint sensor solutions for authentication, mobile payment and touch-based navigation systems) and PayPal (a multinational financial technology company operating in online payments) discussed using biometrics instead of passwords to identify online users. The meeting inspired the idea of working on an industry standard designed around public key cryptography, enabling a passwordless log-in backed purely by local authentication.

About three years later, in July 2012, the FIDO Alliance was founded by PayPal, Lenovo, Nok Nok Labs, Validity Sensors, Infineon, and Agnitio, and work on a passwordless authentication protocol began. The alliance became official in February 2013, when it was made public. A month later, in April 2013, Google, Yubico and NXP joined the Alliance and brought with them the idea of an open, second-factor authentication protocol. Such second-factor devices were successfully deployed to Google employees as a precursor to publicly publishing the second-factor protocol. By July 2020, Apple and Microsoft, among others, had joined the alliance.

The technical perspective

Technical Webinar: Getting to Know the FIDO Specifications

Organisations like Meta Platforms’s Facebook, Feitian, NXP, OneSpan, Google, Yubico and Microsoft have already integrated the FIDO standard: after their first sign-in, users receive an option to activate the feature. Upon consent, the user needs to enter just their password as the only verification on their next visit. Keep in mind that activating this feature on a shared device is not recommended.

Integrating FIDO and Federation Protocols


The future we are creating solves lots of problems while also creating new kinds of problems, a phenomenon worth noting for your safety on the web. As the web does its best to inform you, do well to look out for yourself out there as well.

The industry’s answer to the password problem

More Information

FIDO Alliance
FIDO2 API for Android | Google Identity | Google Developers
Getting Started for Developers
FIDO 2.0: Web API for accessing FIDO 2.0 credentials
FIDO Members
Download FIDO Authentication Specifications