[Premium Report] A world without passwords is coming : Dong-A Science

“Member ID or password does not match”

IT giants, including Google, Apple, Microsoft, Naver, and Samsung Electronics, are preparing for a world without passwords. A prompt asking you to set a password creates a dilemma: a password that is easy to remember is less secure, and a highly secure password cannot be remembered. The compromise many of us have chosen to solve this dilemma is to use the same password for multiple accounts. Because of this compromise, however, it is easy to become the target of a chain of identity thefts. Companies that run apps (applications) or websites are not happy with this compromise either. Kwak Moon-soo, an engineer working at Naver Cloud’s IT Security Headquarters, said, “If you investigate ID hacking reports, most of the cases are where passwords are exposed.”

Can’t we find a way to log in without a password? With the majority of people owning biometric-enabled smartphones, tablets, and laptops, the idea of ‘using biometric authentication on handheld devices to log in’ began to emerge. This is where the FIDO Alliance started. In 2012, six companies, including PayPal, Lenovo, and Nok Nok Labs, formed a business alliance to create a standard protocol. Ten years later, 40 companies including Line, Samsung, Google, Apple, and Microsoft have joined as board members.

Together, they create a ‘standard’ for maintaining a high level of security without passwords. The authentication assurance levels (AAL) defined by the U.S. National Institute of Standards and Technology (NIST) are divided into levels 1, 2, and 3. The FIDO standard can satisfy AAL3, the highest level of security. Simply following each clause of the FIDO standard prevents phishing and prevents the reuse of payloads that include server or user information.

How to log in without a password? In the FIDO 2.0 standard, the web browser acts as an intermediary. When logging in to a specific website, the browser requests biometric authentication from the mobile device, receives the information, and sends it to the web server. For this reason, technical standards are required for web browsers, web servers, and devices alike. (Image: Science Donga DB)

So, in 2014, FIDO released FIDO 1.0, a technology standard that allows you to log in with biometric information in a mobile app. Biometric information unlocks a private key stored on the individual’s device. This private key is matched against the public key registered on the server to prove who you are. FIDO 1.0 standardized the protocol required for this verification. Then, in 2018, FIDO 2.0, a technical standard that can be used on the web, was also released. With the release of FIDO 2.0, FIDO authentication, which had only been possible on mobile devices, became available on various devices using web browsers.
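The key-pair login described above, together with the phishing and payload-reuse protections mentioned earlier, can be sketched as follows. This is an added example, not code from the article or from the FIDO specifications: a simplified Node.js model rather than the real WebAuthn message format. The function names, the `login.example` and `lookalike.example` origins, and the `biometricOk` flag are assumptions made for illustration.

```javascript
// Simplified model of a FIDO-style login; NOT the real WebAuthn message format.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Registration: the device creates a key pair; only the public key leaves it.
function registerDevice() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server: issue a fresh random challenge per login attempt and remember it.
function newChallenge(pending) {
  const challenge = randomBytes(32).toString('base64url');
  pending.add(challenge);
  return challenge;
}

// Device: once the local biometric check passes (modelled as a flag, an
// assumption), sign the challenge together with the origin the browser saw.
function signAssertion(device, challenge, origin, biometricOk = true) {
  if (!biometricOk) throw new Error('user verification failed');
  const clientData = JSON.stringify({ challenge, origin });
  const signature = sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server: accept only a valid signature over an unused challenge for our origin.
function verifyAssertion(serverRecord, pending, expectedOrigin, assertion) {
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (!pending.delete(challenge)) return 'rejected: unknown or reused challenge';
  if (origin !== expectedOrigin) return 'rejected: wrong origin';
  const ok = verify('sha256', Buffer.from(assertion.clientData),
    serverRecord.publicKey, assertion.signature);
  return ok ? 'accepted' : 'rejected: bad signature';
}

// Constructed scenario: genuine login, replay of it, and a look-alike origin.
function demo() {
  const site = 'https://login.example'; // constructed origin
  const { device, serverRecord } = registerDevice();
  const pending = new Set();
  const genuine = signAssertion(device, newChallenge(pending), site);
  const relayed = signAssertion(device, newChallenge(pending), 'https://lookalike.example');
  return [genuine, genuine, relayed].map(
    (a) => verifyAssertion(serverRecord, pending, site, a));
}

console.log(demo());
```

The server never holds a secret worth stealing: its record contains only the public key, and each signed response is bound to one challenge and one origin.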

Thanks to these standards, in February 2014, Samsung Electronics and PayPal produced the first results: fingerprint recognition on the Galaxy S5 allows you to use PayPal. Microsoft also decided to support FIDO authentication on Windows 10 and later from February 2015. Recently, Naver Cloud also received FIDO 2.0 certification. Engineer Kwak Moon-soo explained, “In the company, passwordless login is already used for almost all services such as Wi-Fi connection, website login, and developer server connection.”

In the future, passwordless login will become even more convenient. On May 5 (local time), three big tech companies, Apple, Google, and Microsoft, announced that they would expand support for passwordless logins. Even with FIDO 2.0, there was the inconvenience of having to register biometric information again when changing from an Apple device to a Microsoft device. However, the three companies announced that they will synchronize passwords across multiple devices, eliminating the need to register biometric information again. After registering your fingerprint on your Apple device, you can then use fingerprint recognition on your new Microsoft device. In a joint statement, the three companies said they would use the new platform “around next year”.

※Related articles

Science Dong-A July issue, [Edge Science] Announcement of 2023… A world without passwords is coming