The Future of Authentication

The world is changing and so does it in 2019. Time to make so predictions for the new year.

I firmly believe that we will see huge progress in the field of secure user authentication. As you might know the current state of authentication is fundamentally flawed. Users set weak passwords, 2-factor authentication is a usability mess and accounts are compromised on a daily basis. These problems are well known and big tech companies have tried to tackle them on their own.

Online transactions are now done mostly on mobile devices. So mobile authentication has also become a new challenge. Comprehensive authentication solution have to work across browsers, devices and different levels of assurance. In result building your own authentication standard is not possible without the support of fellow industry leaders.

Thus the FIDO Alliance has been established. They work out new authentication standards to help reduce the world’s over-reliance on passwords.

The main focus is set on the FIDO2 project. It is compromised of the W3C Web Authentication Specification and the Client To Authenticator Protocol (CTAP).

WebAuthn is a web API standard that is built into browsers and web services to implement FIDO authentication. The CTAP protocol enables external devices to store FIDO security keys and act as authenticator for the requested web service.

The standards have already been implemented by major browser vendors. The FIDO alliance has reached a mature level and provides all resources required to implement their standards.

Now it is the turn for companies to adapt the standard and make the web a safer place. At the end of 2019 FIDO will hopefully have reached a critical amount of implementations and will set a new baseline for secure authentications on the web.