Substitute to username-and-password log-in in the offing

10 Dec 2014

Better ways of letting users log into their accounts are in the pipeline and the days of the password log-in may be numbered.

Google unveiled a surprising new way in October to log into Chrome and Gmail - a USB key, instead of a password. It formed  part a two-factor setup, working as an authentication code, but a boon to those tired of the standard username-and-password log-in. 

The Fast Identification Online (FIDO) yesterday took a giant leap forwards, with the release of the 1.0 version of its open standard.

There had been earlier versions, like Google's USB substitute to the log-in and password, but FIDO's was more efficient and more stable, providing a cryptographic backing for any service or authenticator device that users wanted to plug in.

The standard would make things a lot easier for companies that wanted to make a phone with a fingerprint reader or an app that required a fingerprint before it opened up.

There were so far only a small number of products built on FIDO - but with the new specs, that is likely to change soon. Google's security key was one example, while Samsung's fingerprint reader, was another which logged users directly into the native PayPal app.

The company is now expecting a flood of new phones and authenticator widgets now that the specs are complete.

The iPhone's TouchID sensor too would work with the new specs, thanks to some clever coding by a software company called Nok Nok, which had built a programme adapting Apple's now-open API to the FIDO protocols.

This would mean if users wanted to build a chat app that only opened with the user's fingerprint, they did not have to worry about writing a new programme for every different phone.

Meanwhile, Microsoft will start enabling two-step verification for Microsoft accounts.

The switch will be implemented in next few days and, with email, Xbox Live and Skype (just to name a few) associated with the service formerly known as Live, everything that tightens security would be welcome, according to commentators.

The lesson has already been learnt by other providers the hard way.

The two-factor gateway would however be optional apart from where it already was required - editing credit card information and accessing SkyDrive from a new computer. There is also a dedicated authenticator app for Windows Phone 8, which worked whether or not one had an internet connection.