The disclosure last week of the Yahoo data breach, executed in 2014, is the largest single breach of user account data ever reported. The frequency and severity of these data breaches – and the resulting password theft – is increasing year-over-year. The only way to stop this trend is to end our dependency on password security and adopt unphishable strong authentication.
At a time when this problem is more serious than ever, we’re excited to partner in the development and launch of the new “Lock Down Your Login” public awareness campaign led by the National Cyber Security Alliance (NCSA), with support and backing from the White House and many other institutions. The campaign is focused on raising awareness among all Americans about the importance of strong authentication, with a call “for all Americans to fortify their online accounts by enabling the strongest authentication tools available so everyone can enjoy a greater peace of mind knowing their online accounts are more secure.” This is the latest in a series of collaborations between the FIDO Alliance and NCSA in support of National Cyber Security Awareness Month.
The FIDO Alliance was launched in 2013 around a simple premise: that authentication should not only be more secure, but also easier to use. Three years later, the Alliance has more than 250 member organizations who have worked together to create open industry standards that can enable online service providers to replace passwords with something better: better security as well as a much better customer experience.
The idea of building authentication that consumers actually want to use is not a novel one, but is something that has eluded the security industry for years. First-generation strong authentication solutions, such as short-lived codes sent to your mobile phone or read from a dedicated security token, did improve security but degraded the user experience. This prompted consumers to reject these solutions rather than embrace them. Worse yet, the security of these solutions has degraded over time because they share too many of the same vulnerabilities that plague passwords, primarily phishing.
Thankfully, the industry has responded; next-generation solutions built upon the FIDO standards deliver authentication that is not only more secure – through use of public key cryptography – but also easy to use thanks to FIDO’s on-device approach that leverages sensors you need only touch, look at, or talk to. So as consumers are urged to lock down their logins, we’re excited that the more than 250 FIDO Certified solutions in the market today make it easier than ever to deliver unphishable strong authentication that consumers actually want to use. And consumers can use FIDO today – Bank of America, Dropbox, Github, Google, Microsoft, and PayPal have already begun to incorporate FIDO authentication into their services.
In support of this new campaign, we’ll be partnering with the NCSA and the Electronic Transactions Association (ETA) to host a Future of Authentication Policy Day in Washington, D.C. on October 27th. Featuring an array of speakers from both government and industry, the event will highlight advances in strong authentication being driven by next-generation efforts like the FIDO Alliance, exploring how the authentication market has evolved, and how policy must evolve with it.