June 24, 2022
Maybe it’s a local band with a couple random numbers. Or a first-grade teacher’s name with an exclamation point. Regardless of the methodology, the average internet user has around seventy and eighty password combinations to recall. If you had to recite all those passwords, it might add up to a similar range of words as a four-stanza poem.
Effectively, passwords are an analog identity solution in a digital world. There have been many efforts to eliminate passwords, mostly utilizing biometrics.
LoginID provides easy to use APIs and SDKs for companies to integrate FIDO/FIDO2-certified biometric authentication. The emergence of new authentication procedures, tied to high-tech techniques (including biometrics), are on the way.
(Reminder: FIDO stands for Fast Identity Online, the alliance of various entities committed to eliminating passwords.)
FIDO/FIDO2 represents a brand new front against passwords, which is vital not only because consumers have such a large amount of them, but because passwordless logins with apps and sites can help companies earn additional revenue as they enhance the customer experience.
On March 15 LoginID announced six million dollars in seed funding from a group of individual investors and entrepreneurs. Fabrice Grinda of FJ Labs; Will Wang Graylin of OV Loop, Indigo Technologies, ROAM Data (which sold to Ingenico) and LoopPay (which sold to Samsung); ASLI RI (a large eKYC player in Indonesia); and others are all investors.
Additionally, the investment follows LoginID becoming FIDO UAF 1.1 server-certified, as well as iOS and Android-certified. With an API-focused approach, FIDO/FIDO2 certification means companies can integrate and scale strong authentication rapidly and cheaply while ensuring they are PSD2 and GDPR compliant.
This means enhanced security because users no longer need to memorize usernames and passwords and websites don’t need to handle them anymore. Additionally, regulators are rallying to support this standard. This solid value proposition means one should be seeing a shift in the industry towards adopting passwordless authentication.
It’s about the timing when viewing the current vendor landscape. The space is set for growth with tens of millions of dollars invested. It takes a while to get an amalgamation of tech companies and vendors to embrace one set of standards or specifications.
In this case, the FIDO web authentication standard (or FIDO WebAuthn) begins with the chip manufacturers (Intel) and continues up to the browsers (Chrome, Safari) and others, all using the same language. That harmonization is crucial for a standard to succeed. A momentous occasion last year was when tech juggernaut Apple joined the FIDO alliance.
The next step is to get all the other businesses to embrace FIDO WebAuthn. This is a great time to get the millions of websites and applications out there to start using this standard.
LoginID’s position in the drive toward FIDO/FIDO2 standardization is making integration easier. Other solutions have proven to require a lot of project management and are a technological heavy lift. LoginID’s simple FIDO/FIDO2 API solution provides a great opportunity for developers. LoginID’s authentication tool that can be integrated through an API or SDK onto a mobile app and could be said to be the Stripe of authentication.
LoginID has the same model as Stripe when it comes to enabling payments. One can use a couple of lines of code, use that as their login button or their payment button, and then instantly offer passwordless authentication on their site.
This creates strong two-factor authentication. Via the FIDO/FIDO2 standard, consumers can utilize a fingerprint to sign up, sign in, and complete payment transactions.
For existing websites it’s very simple to adopt LoginID’s solution and once adopted they don’t need to spend any extra money to use other methods like text messaging without changing workflows.
Shipping out hardware or one-time password dongles is rather pricey and companies that utilize passwordless solutions see fewer calls into call centers.
Authentication Education Is Essential For A ‘Win-Win’ Situation
As with any large-scale shift in the online community, education is essential, and the idea that there’s a better path to authentication is occurring to firms across the globe.
Many larger firms have realized the need for FIDO/FIDO2 and WebAuthn and have put them into their roadmap.
The use cases for passwordless authentication extend far past simply aiding merchants to confirm payments and authenticate them. FIDO/FIDO2 standards and multifactor authentication are crucial in enhancing the security and trust tied to those payments.
This creates a win-win scenario for both online sellers and issuing banks because they are getting the best of both worlds. Passwordless authentication results in higher conversion rates, liability shifts and, in certain spaces, lower interchange rates.
On the issuer side of the equation, LoginID offers tools such as transaction confirmation with a digital signature that acts as a digital receipt. LoginID verifies the person as they digitally sign and authorize their transaction using FIDO/FIDO2 WebAuthn when shifting money from a checking account to a savings account and vice versa.
Amid the great digital shift, effective know your customer (KYC) and authentication tools are key in attracting consumers (particularly tech-savvy millennials) to sign up online. And beyond commerce, FIDO and FIDO2 have applications in industries like healthcare, where consumers may need to authenticate themselves for COVID-19 “passports.”
Looking across the Atlantic there are PSD2 issues that can be reconciled with the FIDO/FIDO2 standard.
In Europe, any financial transaction requires multifactor authentication and FIDO/FIDO2 are inherently compliant with PSD2 regulations.
In the case of transactions within Europe, purchasers no longer need to receive a text message in order to complete an online checkout. Now, online sellers can simply offer a one-click experience with LoginID’s transaction confirmation with digital signature and still comply with PSD2 rules.
FIDO’s solution is a true win-win scenario, both for the merchants that need to comply with PSD2 as well as for the merchant acquirers that have to provide these solutions to their merchants.
LoginID solves for a variety of use cases while simultaneously advancing the acceptance of a standard.
Looking ahead at how LoginID will use their seed financing, the company plans to “scale, scale, scale”. LoginID is gaining traction and looking to grow their team as they target merchant acquirers in Europe, as well as banks (where FIDO/FIDO2 has below 1% penetration). There’s also an increasing demand for digital signatures to replace wet signatures in Europe.
In 2018, when people talked about FIDO/FIDO2, even those at the leading edge, didn’t really know what that standard was. Now, everyone knows about it and are considering how to put it into their roadmaps within the year.
This article was adapted from PYMNTS