Isn’t it a big memory task to remember passwords for all our favorite websites? We do have a habit of keeping common passwords for all the networks which gave away to hackers to exploit our data. Even if it’s a secured one, things get worse when we forget the password and have to reset them. Well, fret not as Google and Microsoft are pushing websites to adopt a password-less login mechanism. You would wonder how this is even possible. Well, there is a FIDO Alliance with Google and Microsoft being a part of it. This Fast Identity Alliance Online (FIDO) is now urging websites to drop logins via passwords. In another way, FIDO Alliance is pushing websites towards biometric logins.
You must have seen how easily you can log in or open your password-protected app on Android or iOS with your fingerprint or even Face ID. This could soon be true for your favorite website as well. At the recently held RSA conference, Google said that Android is now FIDO2 certified with the latest version of Google Play Services. However, this is true for the devices running Android 7.0 and above. With FIDO2 certification, developers can write apps that use fingerprint or FIDO keys to log in the users into a website without punching the password.
Now, this should come in as a welcome step for everyone because literally, no one likes to enter a password to login to any website. Imagine a day when we can enter websites like Twitter or Facebook on Android or Windows PCs with just our fingerprint. Also, Microsoft has announced that its users will also be able to use Windows Hello for authentication. This means that if your PC has a webcam and Windows Hello functionality, you don’t even need to use your fingerprint for logging in.
It is known that web browsers like Chrome, Microsoft Edge and Firefox already support password-less logins on websites and native web apps. Even Apple’s Safari browser supports this feature but in preview mode. However, none of the websites support this feature at the moment. With FIDO2, you are also safe from phishing as it does not allow you to authenticate on malicious sites.
As I mentioned earlier, Android already supports password-less login for native apps. But password-less logins for browser logins will be icing on the cake. If you are concerned about your cryptographic data on the device, you need not to worry. This mechanism will store all your authentication data like a fingerprint on the device itself.
As far as Microsoft and Windows PCs are concerned, you can have password-less logins with Windows Hello only at the moment. At the RSA conference, Microsoft even demoed password-less login to PayPal live on stage. We are sure that Microsoft will work towards adding fingerprint authentication to Windows PCs soon as well.
FIDO2 Mechanism – How It Authenticate?
If you are someone who is interested in the mechanism behind FIDO2, here’s a simple explanation on how it works. First of all, you have to enter your fingerprint or face to login to any website. Behind the scenes, the device will scan your fingerprint or face to authenticate your identity. A unique internet key will be created so that the account you want to open is authenticated.
As part of the push for FIDO2 adoption, Microsoft has announced that Windows 10’s next release will be FIDO2 certified. FIDO Alliance members are also hopeful that the implementation of FIDO2 on major websites will start from 2019 onwards. FIDO Alliance member, McDowell says it’s possible 2019 “will be a big year” for FIDO2’s adoption.