Security & Fraud

Envisioning A (Secure) World Without Passwords

Passwords are a less than stellar way to keep consumers from online hacking harm. Instead, the Fast IDentity Online Alliance (aka FIDO) says that a universal standard will keep digital identities secure and portable. In February’s Digital Identity Tracker™, FIDO’s Executive Director describes the very important milestones that they’ve hit on the road to the “ubiquitous euphoria” as we look beyond the little-loved p-word.


The online payments landscape is littered with abandoned shopping carts, passwords never remembered and frustrated consumers.

Nearly four years after its founding, the Fast Identity Online Alliance (FIDO) has been making inroads into the payments landscape with a laser sharp focus on authentication that proves an online user’s identity.

To that end, the nonprofit has been coalescing members around developing a standard platform through which authentication can be done as a “case agnostic” activity, which means it can extend across any number of verticals and payments across disparate industries.

The push toward authentication standards has garnered the support of some heavyweights in the payments industry, among them Google, Microsoft and Apple, which have collectively made room for FIDO based solutions to be used across those companies’ platforms.

In an interview with MPD CEO Karen Webster, Brett McDowell, FIDO’s executive director, said that it is crucial to envision just where “FIDO fits in payments and mobile and banking.”

"You have to understand that FIDO standards are specifically addressing authentication, so that everywhere a password lives today, that is where you see FIDO in the future,” McDowell said.
The movement is toward a new type of credential, where the old credential had been a user name and password, he added. “That is being replaced by asymmetric key cryptography,” he said, with specifications that are available to the public.

McDowell went on to state that “if you are asked to type in a credit card number, FIDO is not replacing that type – but if you use a wallet function and need to authenticate to release funds,” that would make use of FIDO. Among the most visible examples to date are deployments where FIDO is used to authenticate payments across PayPal, Samsung Pay, and carriers such as NTT DOCOMO. Beyond the payments functionality, FIDO targets interoperability across digital transactions that span channels and also different types of mobile devices.

Key technologies that dovetail with the process – which run across registration, authentication, the actual transaction and then deregistration – include biometrics, said McDowell. That is of course specific (via fingerprint or, say iris scans) to users.

The eventuality, he said, is the creation of a “persistent identity,” where consumers can make transactions from place to place, through devices and digital transactions, without constantly having to authenticate themselves.

How long till such a standard takes root? McDowell stated “this is not a multi-decade journey” to have all standards and operating systems supporting FIDO — but offered a caveat in that the complete abandonment of passwords, a die-hard consumer habit, after all, will have a “long tail.” However, "once people are given FIDO as an alternative ... there is ubiquitous euphoria when people find out that they do not have to use a password,” McDowell said.


To read the full Digital Identity Tracker, click here.




The September 2020 Leveraging The Digital Banking Shift Study, PYMNTS examines consumers’ growing use of online and mobile tools to open and manage accounts as well as the factors that are paramount in building and maintaining trust in the current economic environment. The report is based on a survey of nearly 2,200 account-holding U.S. consumers.