Microsoft Joins Group Determined to Kill Passwords

Microsoft has joined a group determined to ditch the traditional password as a security measure. The group wants to develop alternatives that are more capable of protecting our favorite devices and most sensitive data.

The group is called the FIDO (Fast IDentity Online) Alliance, which is based around the idea that passwords, although widely used and easy to understand, are an inherently flawed security measure because they can be guessed or stolen.

Although many new authentication measures -- such as fingerprint scans -- have emerged and are more secure from a technical perspective, FIDO believes they have two common problems: first, they aren't easy to use, and second the technology isn't standardized across the industry. (Source: fidoalliance.org)

Fingerprint Readers Leave Users Uneasy

The lack of standardization means that other systems can be unnecessarily complicated. They also cause many users to worry about handing over very personal information, such as fingerprint data, to a site for verification.

FIDO's proposed solution is to develop a clear split in the way websites check online identity. It wants the process of checking a user's identity to be handled entirely through the device itself, with no personal security data passed over the Internet. (Source: computerworld.com)

This means websites would simply receive confirmation of the user's identity. The site would then be responsible for using the identity to decide what access the user gets; for example, logging into an account.

The idea is that users wouldn't need to have different security measures for different sites; instead, websites would simply need to know that the user is indeed who they say they are.

Password Replacement Project Needs Industry Support

This set-up would require a standard piece of software to run on the user's machine and handle all security measures, such as connecting with hardware devices like fingerprint readers or card readers.

For the system to get the support of websites, it will need to be available to as many web users as possible. That means it needs to be compatible with leading web browsers and portable devices, like smartphones, tablets, and laptop computers.

Microsoft is by no means the first major firm to join FIDO. Google, MasterCard, LG, and Lenovo are already on board.

But Microsoft's involvement could be a major boost because it opens the door for the FIDO system to run in Internet Explorer and on devices running Windows operating systems.