Imagine there’s no passwords, it isn’t hard to do…

It’s been a long wait, but it seems that we finally have a way to provide secure online identification without either having to remember a password or use a password manager.

Decades of password use have led us to the present disastrous situation: in a world where we manage an average of 90 accounts and services on the web, about 51% of passwords are reused, and are the cause of about 80% of intrusions and data theft, while one in three purchases on the web are abandoned because of the inability to remember a password or manage an authentication system.

The solution to this long-lasting problem comes from the FIDO Alliance: FIDO stands for Fast IDentity Online, and counts among its members almost all major online companies. Basically, it enables multifactor authentication without sharing our biometric data with anyone, without passwords, and in a secure way that prevents phishing. Until now, the problem with including a second authentication factor as a one-time password sent by SMS or email was that the channel used for sending it was not particularly secure. But if we used a number generated by an authentication application as the second factor, the login page could be spoofed, and we could end up putting all our credentials precisely in the hands of criminals.