We have (rightly) harped on the necessity of unique and complex passwords, strengthened by multi-factor authentication (temporary text codes, rolling RSA numbers, secret answers to questions, fingerprint or facial recognition, etc.). For those who cannot or will not follow good password practices, help is on the way, even if not immediately.
Microsoft and others have been working on passwordless login for some time, and are finally making real progress toward bringing that technology to fruition. This initiative is better known as FIDO (Fast Identity Online), with security standards developed by the FIDO Alliance (not to be confused with the Scooby Squadron or Paw Patrol). FIDO incorporates security keys (like an RSA fob) that, in conjunction with biometric authentication (e.g., your laptop or phone facial recognition feature or fingerprint reader), eliminate the need for a password.
However, do not ditch your passwords or prudent practices right away. FIDO has been in the works for several years already. Large-scale rollout, simplification of website registration, consolidation of hardware security keys (think: one universal house key rather than one for each door, cabinet and cubbyhole), inertia, and other hurdles will continue to push widespread adoption out several more years. Even so, c|net reports that the number of people using passwordless login for some Microsoft services, such as Outlook and Xbox Live, has jumped from 150 million to 200 million in just the past year. Hopefully, in the not-too-distant future we can all truthfully claim “FIDO ate my password.”
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact a member of our Privacy & Data Security team.