Multifactor authentication from FIDO
Watchdog
The recent discovery of a 1 billion+ password treasure trove in the hands of Russian cybercriminals brings home a far too common occurrence. Almost daily, you hear of a new breach and a new set of stolen credentials, a new pastebin dump, and millions of frustrated admins and end users. Beyond security breaches, other reasons to replace this nearly 50-year-old technology include:
- Users reuse passwords
- Users create weak passwords
- Users want ease of use
- Passwords are centralized in databases
In short, passwords are painfully antiquated, insecure, and clearly in need of an overhaul.
Real Risks/Real Costs
The costs of single-factor authentication are hardly theoretical or insignificant. These are just a few real-world facts about password risks and costs:
- Forrester Research notes the cost of password breaches reached more than US$ 200 billion in annual losses.
- According to the Verizon 2013 Data Breach Report, weak or stolen credentials account for 76 percent of network intrusions, and more than 50 percent use some form of hacking.
- A 2013 SplashData study on data from an Adobe breach showed the top five most used passwords are: 123456, password, 12345678, qwerty, abc123. (Yes, you may take a moment to scream or hurl a heavy object!)
- According to Intercede, 51 percent of users share usernames and passwords with friends, family, and colleagues.
Unfortunately, many large players in the marketplace would rather keep their heads in the sand than face reality.
What is MFA?
It's time to face the fact that this more than 50-year-old love affair with the password should end. Admins need to look for what is next, and that next step can and should address the key weaknesses of single-factor authentication. Multifactor authentication is that vital step forward, offering improved security, greater simplicity, and better cost efficacy, among other things. Before I continue, I'll define multifactor authentication in greater detail.
Multifactor authentication, also known as MFA, two-factor authentication, two-step verification, TFA, T-FA, or 2FA, is an authentication approach that requires two or more independent factors. The factors are something you know (your password), something you have (a physical authentication token or a virtual MFA app on a smartphone), and, where biometrics are used, a third, physical factor such as a fingerprint or retinal pattern. For those looking for a better solution, the good news is that it's getting closer with the help of technology and open standards.
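As an added example that is not part of the original article, the following Python sketches what a server-side check of two factors looks like: a salted password hash (something you know) plus a time-based one-time code of the kind a "virtual MFA" smartphone app produces (something you have). The article does not name a specific code scheme, so TOTP (RFC 6238, built on HOTP from RFC 4226) is assumed here. The user record, password, and the `enroll`/`authenticate` helpers are constructed for the demo; the TOTP secret is the RFC test-vector key so the codes can be checked against the values published in the RFCs.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed demo secret: the 20-byte key used by the RFC 4226 / RFC 6238
# test vectors, so the codes below can be compared with the published values.
DEMO_TOTP_SECRET = b"12345678901234567890"
PBKDF2_ROUNDS = 200_000


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from wall-clock time."""
    return hotp(key, int(unix_time) // step, digits)


def verify_totp(key: bytes, code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current time step plus/minus `window` neighbouring steps to
    tolerate clock skew; compare in constant time so a match is not leaked."""
    counter = int(unix_time) // step
    return any(hmac.compare_digest(hotp(key, c, len(code)), code)
               for c in range(counter - window, counter + window + 1))


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-SHA256; the stored record holds the salt and digest, never the password."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(salt: bytes, stored_digest: bytes, password: str) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


def enroll(username: str, password: str, totp_secret: bytes) -> dict:
    """Hypothetical user record: what the server keeps after MFA enrollment."""
    salt, digest = hash_password(password)
    return {"username": username, "salt": salt, "pw_hash": digest, "totp_secret": totp_secret}


def authenticate(record: dict, password: str, code: str, unix_time: int) -> bool:
    """Both factors are always evaluated, so a failure does not reveal which one was wrong."""
    pw_ok = verify_password(record["salt"], record["pw_hash"], password)
    code_ok = verify_totp(record["totp_secret"], code, unix_time)
    return pw_ok and code_ok


if __name__ == "__main__":
    alice = enroll("alice", "correct horse battery staple", DEMO_TOTP_SECRET)
    now = 59  # RFC 6238 test time: step 1, 6-digit SHA1 code 287082
    good_code = totp(DEMO_TOTP_SECRET, now)
    print("both factors:", authenticate(alice, "correct horse battery staple", good_code, now))
    # A leaked or reused password on its own is not enough to log in.
    print("password only:", authenticate(alice, "correct horse battery staple", "000000", now))
    print("code only:", authenticate(alice, "wrong password", good_code, now))
```

The point the article makes about stolen credentials shows up in the second call: with a correct password but no valid code, `authenticate` returns `False`, so a pastebin dump of password hashes does not by itself unlock the account. The `window` parameter is the usual trade-off between tolerating phone clock drift and widening the set of acceptable codes.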
Enter the FIDO Alliance
From the mess of the failed, tired password comes a promising new development. The FIDO (Fast IDentity Online) Alliance is a non-profit industry consortium working on what's next for authentication: making web authentication easier, less expensive, and more secure. The FIDO Alliance describes its mission [1] as:
- Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
- Operating industry programs to help ensure successful worldwide adoption of the specifications.
- Submitting mature technical specification(s) to recognized standards development organization(s) for formal standardization.
The standards body consists of industry titans such as ARM, Bank of America, BlackBerry, Google, Lenovo, MasterCard, Microsoft, PayPal, RSA, Samsung, Salesforce, Visa, and Yubico, among others. With more than 100 members, the group has a lot of momentum behind its efforts.