Implementation of FIDO2 Standards: Hurdles and Trends

[tanjimajuha20]

While the first FIDO standards were still used in conjunction with password-protected login procedures, the FIDO2 standard already points towards a password-free future, as the latest FIDO development aims to achieve: Passkeys. Passkeys are based on FIDO2, but allow the authentication data generated when registering a device (i.e. the passkeys) to be synchronized between different services in order to simplify the application even further. Read more about this in our article What you should know about passkeys

Currently, there are still several factors preventing the comprehensive implementation of this new level of passwordless authentication:

Companies macedonia phone data must first adapt their IT infrastructure, integrate FIDO2 authentication servers and provide the appropriate security keys for users. A cost factor that can also become an exclusion criterion depending on the size of the company.
Not all users want to have to rely on registered devices to log into web applications. Many may therefore still prefer password-protected solutions in the foreseeable future.
Passkeys make it easier to use a device with multiple services, but they represent a step backwards in terms of security (because private keys must then be duplicateable, which means they could be duplicated illegally). Many end users will not mind this, but some companies will – it remains exciting.
How quickly and sustainably passwordless authentication processes become established depends on whether they can create an increasingly positive user experience. The simpler, more convenient and more secure passwordless online logins are, the greater the acceptance of this technology will be sooner or later.

What the future holds: Gradually increasing security between platforms and devices
Thanks to FIDO's commitment to creating viable and portable solutions for simpler and more secure login processes, solutions are gradually emerging that can truly improve the user experience, even across platforms.

Since 2015, Microsoft has supported the FIDO standard 2.0 in the Windows 10 operating system. In 2022, Apple also implemented the extended FIDO standard with the introduction of iOS 16, iPadOS 16 and macOS Ventura. By increasing user-friendliness as well as security, passwordless procedures also change the expectations for modern login processes in the long term.

Passwordless authentication methods already allow users to effortlessly switch between services and platforms, for example by logging into an existing account. Even different standards such as the OAuth 2.0 protocol and WebAuthn can work together to enable secure and user-friendly authentication without users having to re-enter their login information.

Future developments could be equally encouraging. If online service providers continue to harmonize existing standards and protocols, they can design user experiences in such a way that transitions between services and devices become increasingly simple without compromising security.

Cover image: Photo by Towfiqu barbhuiya on Unsplash