Member • Feb 17, 2015
Windows 10 to ditch passwords and support FIDO
Globally, computer users have had issues with setting strong yet easy to remember passwords. It's important that the passwords must be changed at regular intervals to minimise the risk of online accounts getting compromised. In major corporations, it's a massive burden on the IT department to manage user accounts while ensuring safety for all. Solutions to the problem comes in the form of FIDO. The FIDO alliance has proposed U2F and UAF specifications which are being considered final. Both these specs are based on public key cryptography and are inert to phishing attempts.
The UAF standard relies on the biometric data of the user - such as fingerprint or iris scan or voice as authentication information. The user needs to carry a device with UAF stack installed on it. The user must present biometric or PIN in order to complete the online transaction. The U2F standard needs built-in support in web browsers. The user will have to present the U2F device in order to authenticate and the website will have the ability to simplify the password; aka allowing a 4-digit pin. The details of both the standards can be obtained on #-Link-Snipped-#.
Ingalls notes that Microsoft has contributed design inputs to the new FIDO 2.0 specifications. The Windows 10 support will allow Windows powered devices and cloud services a la Azure to be accessed without passwords.
The FIDO specifications want to use your biometric data to authenticate you. We're curious to know how many of you would be willing to share your iris data, fingerprint scans and other biometric information with websites? Do you think FIDO is the way forward or want passwords to stay? Comment!