Techno gurus in the world state that users miserably have their personal information stolen are those being tracked by hidden cameras while they were entering passwords. Another popular trick is phishing, which means hackers create fake websites to lure Internet users into accessing these unsafe sites and then record usernames and passwords.
The recent leak of 50 million Facebook accounts in Vietnam is one sad example of a loose password protection in servers.
Due to these reasons, the Fast Identity Online Alliance (FIDO Alliance) has called for the passwordless authentication. Its term FIDO2 refers to the latest authentication protocol in hope of completely erasing the concept of password in the world. Using FIDO2, users only need to authenticate one time for all systems thanks to a security key.
This key could be either a hardware or a software (a mobile application) cryptographic authenticator. Owning it, users can ask servers to communicate with one another via an algorithm in order to authenticate the sign-in process.
According to Mr. Nguyen Phi Kha, Director of the R&D Department of VinCSS Cyber Security Service Co. Ltd., this novel method is superior in that without a password, there would be no phishing or stealing activity happening. Meanwhile, the communication between servers are through an algorithm, so even when hackers are able to interfere, there would still be no real information displayed to them.
However, since FIDO2 is quite complicated, not many IT companies in the world can create such a key. At the moment, only giants in the field like Google, Apple, Microsoft, Fujitsu, or Kensington, have this capability.
In Vietnam, VinCSS has successfully researched and generated a product which meets the FIDO2 standard. It is going to be launched in 2020.
