Thanks to the FIDO2 certification standard, passwordless mobile cybersecurity is where the future seems to be headed.
Cybersecurity experts keep warning us to make our passwords as complex as possible. However, this comes at the cost of convenience – the more complex a password is, the harder it is to remember. Consequently, many people opt for keeping them simple, thus making themselves an easier target for brute force attacks.
To make their digital assets more resilient to attacks, many companies are smart enough to employ 2-factor authentication. But what if we could find another way to make assets safer without having to resort to using passwords altogether?
On Monday at Mobile World Congress 2019, Google and the FIDO Alliance outlined a new passwordless future for the Android OS, which is now FIDO2 certified. Soon, we may no longer need to use passwords at all. The following companies are already working hard on trying to implement the concept:
In practice, physical gadgets will be used instead, such as YubiKey. Biometrics, such as fingerprints, are another suitable alternative.
By employing them, we can effectively prevent Man-in-The-Middle attacks, eavesdropping, and brute-forcing. All the developers need to do in order to implement this option is to use an API call. The only prerequisite is that the users are on Android 7.0 or newer for this option to work.
All in all, passwordless is the way to go if we want to see convenient and robust cybersecurity solutions in the future; and it’s closer than we may think.