Maybe it’s a favorite band, plus a few random numbers. Or a first-grade teacher in front of a few symbols. Whatever the method, the average consumer has between 70 and 80 password combinations to remember. If a consumer had to remember all those passwords, it would add up to the same number of words as a four-stanza poem.
In short, passwords are an analog identity solution in a digital world. There has been no shortage of attempts to do away with them, most centering around biometrics.
But LoginID Co-founder and CEO Simon Law, whose company provides application programming interfaces (APIs) and software development kits (SDKs) for firms to integrate FIDO-certified biometric authentication, told PYMNTS that new authentication methods, tied to high-tech approaches (including biometrics), are on the horizon.
(A quick refresher: FIDO is short for Fast Identity Online, the alliance of various firms dedicated to nixing the password.)
That technology represents a new front against passwords, which is important not only because consumers have so many of them, but because passwordless interactions with apps and sites can help firms earn more revenue as they streamline the customer experience.
Law said he and the LoginID team are excited about their prospects, first because on Monday (March 15), the firm announced $6 million in seed funding from a consortium of individual investors and entrepreneurs, such as Fabrice Grinda from FJ Labs; Will Wang Graylin from OV Loop, Indigo Technologies, ROAM Data (which sold to Ingenico) and LoopPay (which sold to Samsung); ASLI RI (a large eKYC player in Indonesia); and others.
And second, the funding comes on the heels of LoginID becoming FIDO UAF 1.1 server-certified, in addition to being iOS- and Android-certified. With an API-centric approach, that certification means companies can integrate and scale strong authentication quickly and at low cost while ensuring compliance with PSD2 and GDPR regulations.
“It means better security because now users don’t need to remember usernames and passwords, and websites don’t need to handle that anymore,” Law said. “And finally, the regulators are also putting their support around this standard. So, you have a solid value proposition there, and you’ll see a big change in the industry in adopting passwordless technology.”
In looking at the current vendor landscape, as the stage is set for success with tens of millions of dollars invested in the space, Law stated that “it’s about the timing. It takes a long time to get all the technology companies and vendors to come together and embrace a single set of standards or specifications.”
In this case, the standard of FIDO web authentication (or FIDO WebAuthn) starts off with the chip manufacturers (the Intels of the world) and goes all the way up to the browser firms and others, all using the same language. That harmonization, said Law, is critical for a standard to succeed. One key event was tech behemoth Apple joining the FIDO Alliance last year.
“The next step is to get all the other businesses to adopt it,” Law said of FIDO WebAuthn. “And this is the perfect time to get all the millions of websites and applications to start adopting this standard.”
LoginID’s place in the movement toward standardization is to make integration easier, he said. Other solutions have proven to be a technological heavy lift, and they take a lot of project management. There’s been a great opportunity to make it simpler for developers to adopt this FIDO solution. LoginID, with its authentication tool that can be integrated through an API or SDK into a mobile app, might be likened to the Stripe of authentication.
“We do the exact same thing as Stripe when it comes to enabling payments,” Law noted. “You get a couple of lines of code, insert that as your login button or your payment button, and you’ll be able to offer passwordless authentication on your website.”
That allows for strong two-factor authentication. Through the FIDO standard, users can leverage a fingerprint to sign up, sign in and execute payment transactions.
“For existing websites, it’s really easy for them to adopt,” said Law. “And once you adopt our solution, you don’t need to spend that extra money to use factors like text messaging without changing workflows.”
Sending out hardware or one-time password dongles is very expensive, Law explained, and firms that embrace passwordless efforts see fewer calls into call centers.
Education Is Key For A ‘Win-Win’ Situation
As with any seismic change in the online world, education is key, and the knowledge that there’s a better path to authentication is dawning on firms across the globe, said Law.
“A lot of larger enterprises have recognized the need for FIDO and web authentication,” he noted. “And they’ve put those into their roadmap.”
The use cases for passwordless authentication range far beyond simply helping merchants allow payments and authenticate them. Standards and multifactor authentication are instrumental in increasing the security and trust tied to those payments.
“It’s a win-win situation for merchants and issuing banks because you’re getting the best of both worlds,” Law told Webster. “You’re getting higher conversion rates, and you’re also getting liability shifts and, in certain areas, lower interchange rates.”
Drilling down a bit, on the issuer side of the equation, there are functions such as transaction confirmation that act as a digital receipt. Using FIDO WebAuthn when sending money between checking and savings accounts, LoginID ensures that “this is indeed that person as they are signing and authorizing that transaction,” said Law.
Amid the great digital shift, strong know-your-customer (KYC) and authentication features are invaluable in getting customers (particularly tech-savvy millennials) to sign up online. And beyond commerce, FIDO has applications in verticals like healthcare, where users may need to authenticate themselves for COVID-19 “passports.”
Looking across the pond, Law said there are PSD2 issues that can be solved with the FIDO standard.
“In Europe, any financial transaction requires two-factor authentication,” he said. “And in this case, FIDO inherently is compliant with the PSD2 rules.”
In the case of payments within Europe, users no longer need to receive a text message in order to complete an online checkout. Now, firms can simply offer a one-click experience and still comply with PSD2 rules.
Of FIDO’s solution, Law said that “it’s really a win-win situation, both for the merchants that need to comply and also for the merchant acquirers that need to provide these solutions to their merchants.”
LoginID solves for a variety of use cases while also accelerating the adoption of a standard.
Looking ahead at how the firm will use its seed financing, Law pointed to “scale, scale, scale. We’re getting a lot of traction right now, and … we’re looking to scale up the team” as LoginID targets merchant acquirers in Europe, as well as banks (where FIDO has less than 1 percent penetration). There’s also a growing need for digital signatures to replace wet signatures in Europe.
“A year and a half ago, when people talked about FIDO, most people, even at the leading edge, didn’t even know what that standard was,” Law told Webster. “Now, everyone knows about it. And they’re thinking about putting it into their roadmaps within the year.”