The Fast Identity Online (FIDO) Alliance and World Wide Web Consortium (W3C) got support from technology giants Microsoft, Apple, and Google, with the three agreeing to support their passwordless authentication solutions. Users of the said tech companies’ products no longer need to construct complex passwords to login into websites and applications. Instead, people can authenticate themselves through biometrics.
This is FIDO’s proposed replacement for knowledge-based credentials, such as passwords and personal identification numbers (PINs) that have become liabilities in security and finances. Fraudsters learned to circumnavigate weak passphrases and caught unknowing victims off-guard with different social-engineered scams. Password management also costs companies millions of dollars for resets, while their employees shoulder the burden of memorizing passwords leading to productivity loss.
Passwordless identity verification, like LoginID’s mobile facial biometric identity solution,can offer consumers highly secure, fast, and seamless logins. Users can verify themselves with a quick iris, facial, or fingerprint scan. Unfortunately, like passwords, this authentication scheme has its shortcomings.
Registering a second FIDO2 device needs the possession of the original FIDO-registered device, which limits portability if the latter is not within the proximity. During device registration, the FIDO2 solutions assume that the person registering is the actual owner and do not further verify the device holder’s identity.
With these weaknesses, authID has developed cloud-based biometric authentication to support FIDO2 authentication. Cloud biometrics takes passwordless security to another level by integrating biometrics when registering a FIDO2 device. This allows users, their accounts and devices to establish a digital chain of trust. It eliminates the assumptions of “who” performed the transaction, knowing that the owner’s biometric data is used to authenticate oneself.
Moreover, authID’s patented step-up authentication can be helpful for organizations critical of improving their anti-fraud protocols. With biometric identity authentication, companies can confirm the legitimate cardholder does a transaction. Biometrics are hard to duplicate, making it difficult for bad actors to do unauthorized access.