The entire Token team is very excited about a new web authentication protocol: FIDO2. The protocol spec was donated by the FIDO Alliance to be developed by W3C in collaboration with major players in the web space: Google, Microsoft, Mozilla, and PayPal to name a few. Since our launch, we’ve been vocal about our mission to replace insecure authentication standards (like passwords) with a more secure method, asymmetric cryptography. So, we’re excited that Token has just recently been invited to join the FIDO2 working group.
But first let me back up. What is FIDO? Why do we need to replace passwords? And what is FIDO2?
The FIDO Alliance
The FIDO Alliance was started in 2012 to make passwordless login a reality. By creating open authentication standards, the FIDO Alliance is making it easier for a website to implement local device based authentication. The FIDO Alliance has many goals to improve authentication, including streamlining the user experience, making it faster and easier to use an authenticator, and of course making authentication more secure than the status quo. Since their founding, the FIDO Alliance has launched several standards: UAF, U2F, and most recently FIDO2.
The Problem With Passwords
Obviously we all hate passwords, but the problem is deeper than their inconvenience — passwords are incredibly insecure because they’re based on shared secrets. But to dive deeper into how problematic passwords actually are, here are some examples:
People have bad memories. Our ability to memorize a secure password just can’t compete with a computer’s ability to guess them. This is particularly true when you need a unique complex password for the myriad of web services and accounts that the average consumer uses.
A common workaround for this problem is to use a password manager to generate and store random passwords for each site. This is a better solution for many users, but comes with its own set of tradeoffs. For example, this (hopefully encrypted) password manager database is now a central location for access to your entire online presence.
Password databases can be leaked. Every other week it’s easy to find news about a high-profile website or web service being hacked with thousands or millions of passwords being leaked. In the best case scenario, the hacked web service was already salting and hashing their passwords. Even in this ideal situation a malicious agent can easily verify a guessed password using a dictionary brute-force attack. Because people are memory-limited, these passwords are frequently reused on other websites and a customer’s web identity is further compromised.
Passwords can be saved and replayed. This is particularly obvious when you look at how information is passed from your browser to the website you wish to log in to. On a regular HTTP website, you click a “Login” button and your username and password are grabbed from your browser, collected into a message to the website, and sent off in plain text! Any server along the route to the website, your ISP, or a sketchy VPN can see your password and then log in as you in the future. While most of these attackers can be thwarted by the website implementing HTTPS, it still can’t protect against an attacker shoulder-surfing your password as you type it in or extracting it from your browser.
So obviously passwords have a number of security and usability issues. But what’s the alternative? How can you authenticate to a website without using a password? At first glance it seems impossible. Enter FIDO2.
Asymmetric cryptography has been around since the 1970s, but a lot of mathematical and computational advancements had to be developed before it could be used in a practical authentication system. Modern hardware and system design have since caught up, and asymmetric crypto now has a perfect use case for authentication. The theory is pretty simple; you create two special pieces of information called a private key and a public key. If you store the private key in a secure location and give the public key to anybody you want to authenticate to (another person, a website, etc) then authentication becomes radically more secure. Say a website has your public key. If they want to make sure you are who you claim to be, they can send you some random data called a challenge. You simply sign this challenge with your private key, and send the result of that signature back to the website. The website can then verify your signature with your public key. If it’s correct, you can log in. That skips over all the math and cryptography that makes it work, but the concept is straightforward.
At their core, FIDO’s U2F, UAF, and FIDO2 protocols implement asymmetric challenge-response. This is a fundamental shift in how your identity can be proven: switching from shared secrets to asymmetric authentication. Your private keys can exist in a safe location, and only be used to generate a one-time-use response to an authentication challenge. With this new paradigm shift, FIDO2 addresses each of the flaws that exist with password-based authentication.
Without passwords, each private key can be as long and random as needed to stay secure (not limited by human memory). This greatly increases security for individual web services because it is infeasible to guess a randomly generated private key.
Without passwords, a hacked website only contains a perfectly useless list of public keys. If somebody malicious gets access to your public key, they still cannot use it to log in as you. Even better, FIDO2 generates a unique private/public key pair for each website. This means that if your email provider gets hacked, nobody will be able to link that account to your online banking account. This is an extremely useful for keeping different facets of your identity from being connected. Identity management is more than just authentication, proving you are who you claim to be. It is also about privacy, preventing leaks of personally identifiable information.
Without passwords, even if somebody overhears your challenge-response communication with the website, they can’t sign another challenge without your secure private key. Websites generate challenges randomly, and each are one-time-use. If anybody sees the traffic, they can not only not sign as you, but they cannot even use this signature a single time to log in as you.
Without passwords, web authentication can finally be secure.
The above was a high-level discussion of FIDO’s goals to eliminate the password. Signup below and look forward to future blog posts about how FIDO works and why we think it specifically is the best future for online authentication!