FIDO2: Our Passwordless Future?

When it comes to authentication, people mostly just want it to be simple. And IT wants it to be safe and secure. How can we have both? There is an app, I mean, an alliance for that!

The FIDO (Fast IDentity Online) Alliance is on track to a passwordless future, with recent commitments from Apple, Microsoft, and Google. The FIDO2 standard (already recommended by the US federal government) supports passwordless authentication with public key credentials. Instead of passwords, users authenticate via physical devices, very much like you’d unlock a phone with a fingerprint, for example.

As an SAP consultant, I deal with dozens of passwords daily. And what sucks even more than the passwords are all those “security” policies. Asking users to change passwords frequently, requiring special characters and the blood of a virgin in the password – all of this has been proven ineffective. Even two-factor authentication (2FA) is not as solid as you’d think: just type “2FA” into Google and you’ll get prompts like “2FA bypass tool”. Ouch.

Enterprise apps are typically late to such parties (e.g. not long ago SAP still had the weirdest requirement for exactly 8-character passwords in some of its services), but I hope that CIOs bet on FIDO2 rather than yet another password manager app. Off with the passwords, I say. JP

