The number of email accounts I use has been ever-growing – it all started with one for exchanging personal emails, followed by another for official use, and then I kept adding one for every new business I started. I’m so addicted to using them constantly on my desktop PC, my laptop, my phone, and whatnot, sometimes even during the holidays (shhh, please don’t tell my wife). It’s quite funny that I don’t remember the last time I logged into them. So the other day I tried logging into one of them, only to realise that I couldn’t access it since I had forgotten its password. After trying all the permutations and combinations of the letters, numbers, and characters that I could possibly have used as my password, the ‘forgot password’ option came as a savior. This makes me wonder how something that’s supposed to be MINE refuses to recognise ME just because I don’t remember a weird combination of letters and numbers I had set some months back (if not years), like really?
Given the technological advancements becoming a part of our lives like never before and making each phase of life so much easier, here we are STILL STRUGGLING TO REMEMBER OUR PASSWORDS. Sounds more like a Y2K problem, right? And hey, we have a “World Password Day”, i.e. the first Thursday of May, to celebrate this problem LOL. To add to the misery, almost every website you visit or application you download today will require you to have an account, meaning a NEW ACCOUNT = A NEW PASSWORD to remember.
A grave problem with using passwords (besides not remembering one) is the breaches and incidents of online theft that result from weak, reused, duplicated passwords. As per the 12th edition of the Verizon Data Breach Investigations Report, around 80% of the internet hacking-related breaches are a result of passwords being weak.
This drives me to the quintessential question here: if not passwords, then what?
The world at large got a taste of “life without password” when Apple Inc. introduced Touch ID upon launching its iPhone 5S; the idea was later adopted by Google and brought into the Android environment. And there is still a constant stir to figure out ways that are secure, user-friendly, and help the world go password-less someday.
Today we have Microsoft, which aligned with the FIDO working group to work on FIDO2. There’s the latest buzz of going password-less with the launch of “Beyond Identity”. Let’s dive a little into how these technologies actually work.
- Samsung Pass, Apple Face ID: These are biometric authentication mechanisms that can be used to sign in to various websites and applications on your device using your fingerprint, iris scan, face scan, etc., without any need to enter an ID and password for each of them.
- FIDO2: It consists of the Web Authentication (aka WebAuthn) standard and the FIDO Client to Authenticator Protocol (CTAP). WebAuthn is a browser-based API that allows web applications to create strong, public key-based credentials for the purpose of user authentication. CTAP is a device-to-device authentication channel.
- Beyond Identity: This is the most recent development, launched just a few days back on 14th April 2020. The whole technology behind Beyond Identity revolves around the concept of a “personal certificate authority” and leveraging “self-signed” X.509 certificates. All you need to do is unlock your device, which acts as the Single Sign-On (SSO), and then you can sign in to other corporate assets, websites and applications without having to enter passwords for each of them separately. This technology works along similar lines to the SSL/TLS certificates which have been used for two decades to encrypt and secure information over the web.
The SSO makes it a user-friendly technology, while the certification and ‘Chain of Trust’ that get created between server, user, and endpoint device make this technology secure.
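The public-key login that the FIDO2 item above describes can be sketched in Node.js as follows. This is an added example, not code from the original post or from the FIDO specifications: the names `createAuthenticator`, `verifyAssertion` and `runDemo`, the relying party `example.test`, and the reduced authenticator-data layout are assumptions made for illustration.

```javascript
// Added illustration (not from the original post): WebAuthn-style login check.
// Simplification (assumption): authenticator data = SHA-256(rpId) + 4-byte counter.
const nodeCrypto = require('crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Authenticator side: the private key never leaves the device.
function createAuthenticator(rpId) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  let signCount = 0;
  const sign = (challenge, origin) => {
    const clientDataJSON = Buffer.from(JSON.stringify(
      { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    const counter = Buffer.alloc(4);
    counter.writeUInt32BE(++signCount);
    const authData = Buffer.concat([sha256(rpId), counter]);
    const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
    return { clientDataJSON, authData, signature: nodeCrypto.sign('sha256', signed, privateKey) };
  };
  return { publicKey, sign };
}

// Server side: stores only the public key and the last counter, no shared secret.
function verifyAssertion(stored, expected, assertion) {
  const client = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== expected.origin) return 'bad-origin';
  if (!assertion.authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'bad-rp-id';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  if (!nodeCrypto.verify('sha256', signed, stored.publicKey, assertion.signature)) return 'bad-signature';
  const count = assertion.authData.readUInt32BE(32);
  if (count <= stored.signCount) return 'stale-counter';
  stored.signCount = count;
  return 'ok';
}

// Constructed scenario: hypothetical relying party example.test and a look-alike origin.
function runDemo() {
  const rp = { rpId: 'example.test', origin: 'https://example.test' };
  const device = createAuthenticator(rp.rpId);
  const stored = { publicKey: device.publicKey, signCount: 0 };
  const [c1, c2] = [nodeCrypto.randomBytes(32), nodeCrypto.randomBytes(32)];
  const first = device.sign(c1, rp.origin);
  return {
    login: verifyAssertion(stored, { ...rp, challenge: c1 }, first),
    replay: verifyAssertion(stored, { ...rp, challenge: c2 }, first),
    lookalike: verifyAssertion(stored, { ...rp, challenge: c2 }, device.sign(c2, 'https://examp1e.test')),
  };
}
```

The server rejects a captured response because each login uses a fresh challenge, and rejects a response produced on a look-alike site because the origin is part of the signed data; a database leak exposes only public keys.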
Zeroing in on this content, many of us might feel that, whether it’s FIDO2 or Beyond Identity, the fundamental technology has existed in the real world for decades, like the asymmetric cryptosystem with its public and private keys (for FIDO2) and SSL/TLS certificates (for Beyond Identity). These have been looked at with a new perspective and reworked to get a solution to our “forgot password” problems and all the present-day warnings like:
“Password incorrect”
“Enter code to sign in”
It would not be wrong to say, let’s Pass the Word that “Password will be no more”.