Picture this: you turn on your phone with a variety of business tasks that you need to accomplish. You need to check your work and personal email, your bank account, your voicemail and three separate company applications. And you have some shopping to take care of. So, you reach into your pocket and pull out a list of handwritten passwords. You have at least four that you will utilize during this process.
What happens, though, if this sheet gets lost or stolen? Passwords are terribly inefficient and not at all conducive to supporting today’s mobile identity verification demands. Passwords are often used over multiple accounts and can easily be phished or cracked using keylogging techniques. Additionally, they are inefficient. In fact, a recent study proved that 44 percent of professionals believe that username and password-based authentication is no longer a viable method of ensuring mobile identity verification in a business setting.
One organization that is taking active measures to mobile identity authentication is the FIDO Alliance, a non-profit organization designed to improve interoperability over strong authentication devices and reduce user problems related to the management of multiple usernames and passwords. FIDO intends to create an open and scalable mobile system designed to supplement passwords through the use of biometric recognition solutions.
The FIDO solution uses Universal Authentication Framework (UAF) protocols constructed with public key cryptography to create a passwordless experience. A user will simply register a mobile device over the Internet using either voice or facial recognition, fingerprint or a personal identification (PIN) number. Then, a user merely enters the biometric information when accessing the device. The biometric fingerprint acts as an umbrella for multi-factor authentication and promotes quick and easy login across multiple applications.
For end users, FIDO-enabled devices promote an easier and safer navigation experience. FIDO also benefits Internet Service providers and vendors by providing improved PKI-based security and an increased amount of user engagement. And for vendors, it allows them to move past fragmented authentication solutions through a standardized approach to identity verification.