As Volvo realized when developing the three-point seatbelt, security needs to be simple and work in a simple gesture, or users won’t adopt it. Volvo also knew that in order to scale to every car and user, their invention needed to be an open standard. Eventually, all countries made the seatbelt a legal requirement, and it has since then saved millions of lives.
The future of strong online identities is following the same path and must be simple to use across all computers and mobile devices. Several years ago, the Swedish/American authentication innovator Yubico co-developed the open authentication standard U2F (Universal 2nd Factor), which was further developed by the open standards organization FIDO Alliance. Since deployed by Google staff and end users, U2F devices have significantly reduced fraud, support calls, and time to login compared to mobile software authentication.
We are today moving beyond U2F with the evolution of FIDO2 - a new open standard which delivers upon removing the need for a username and long complicated passwords. Microsoft has already incorporated this standard to allow for passwordless login into Microsoft Accounts and we expect to see much more passwordless support for hardware security keys as we continue into 2019.
Stina will explain the advantages presented by FIDO U2F and FIDO2 in comparison to one-time passwords (apps, SMS, tokens) and smart cards, how and why these technologies will continue to coexist in the coming future, and where they fit in the larger identity ecosystem.