Ever heard of a PICNIC situation? It stands for Problem In Chair Not In Computer, and unfortunately even in 2021, this type of problem is still the largest gateway for hackers to exploit computer systems. Luckily, the world is slowly adopting Fast IDentity Online (FIDO), the single most impactful technological protocol when it comes to eliminating cybersecurity breaches caused by errors in human behavior. With huge cyber attacks like SolarWinds making headlines daily, it’s time to get serious about cybersecurity, especially if you are a business or government agency. Choosing to adopt FIDO—or not—is not just a matter of best practices; it’s an action that can heavily impact your organization’s bottom line.
What is FIDO?
FIDO is a password-free standard maintained by the FIDO Alliance, a non-profit organization founded in 2012. Just as Bluetooth, USB, or HTTP is a standard, FIDO is a standard. To ensure the highest levels of security in digital authentication practices and the abatement of phishing attacks, FIDO provides a selection of tools to move systems toward the elimination of passwords. While StrongKey didn’t invent the technologies that comprise the standard, we do adhere to it in every aspect of our cybersecurity practices and champion it as a member of the FIDO Alliance along with other companies invested in keeping the Web secure by reducing the world’s reliance on passwords.
There are many different cybersecurity solutions on the market, so why are we so excited about FIDO in particular? To put it simply, FIDO is the best solution we can offer to help our clients reduce costs, increase revenue, and be more secure.
What can you do with FIDO?
In practical terms regarding security, FIDO allows you to log in to your accounts with a single gesture, such as a touch, swipe, or biometric confirmation, instead of typing in a password. The FIDO passwordless authentication protocol uses public-key cryptography: the private key never leaves your authenticator, and the signature it produces is bound to the site you are actually on, which eliminates the risk of someone stealing your password with a phishing attack. You can also find comfort in knowing that FIDO meets the highest assurance level of authentication (Authenticator Assurance Level 3)—even higher than the digital certificate smart cards used by the Department of Defense. Most importantly, it saves you from many of those PICNIC situations because it makes passwords irrelevant—along with all the exploits that rely on them.
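To make the "public-key cryptography eliminates phishing" claim concrete, here is an added example (not StrongKey's code and not taken from the FIDO specifications) that models a stripped-down FIDO2/WebAuthn login: the relying party issues a random challenge, the browser records the origin it is really on, the authenticator signs with a key scoped to that site's rpId, and the server checks challenge, origin, rpIdHash and signature. The domains `login.example` and `login-example.evil`, the user `alice`, and the omission of the signature counter and attestation are assumptions made to keep the example short.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// clientData is the subset of WebAuthn's clientDataJSON that matters here. The browser,
// not the web page, fills in Origin with the site the user is actually visiting.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is what the client returns to the relying party after the user's gesture.
type Assertion struct {
	ClientDataJSON, AuthData, Signature []byte // AuthData = rpIdHash || flags (counter omitted)
}

// Authenticator holds one key pair per relying-party ID. A key minted for login.example can
// never be exercised by a look-alike domain, which is the heart of FIDO's phishing resistance.
type Authenticator struct{ Keys map[string]*ecdsa.PrivateKey }

// Register mints a fresh P-256 key pair scoped to rpID and returns the public half for the RP.
func (a *Authenticator) Register(rpID string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.Keys[rpID] = priv
	return &priv.PublicKey, nil
}

// Sign models browser plus authenticator: the browser records its own origin, and the
// authenticator signs SHA-256(authData || SHA-256(clientDataJSON)) with the key scoped to rpID.
func (a *Authenticator) Sign(rpID, browserOrigin, challenge string) (*Assertion, error) {
	priv, ok := a.Keys[rpID]
	if !ok {
		return nil, errors.New("no credential registered for rpId " + rpID)
	}
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: browserOrigin})
	authData := append(hash([]byte(rpID)), 0x01) // flag 0x01: user present
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedDigest(authData, cd))
	if err != nil {
		return nil, err
	}
	return &Assertion{ClientDataJSON: cd, AuthData: authData, Signature: sig}, nil
}

// RelyingParty is the server: it knows its own origin and rpId, stores one public key per
// user, and issues a fresh random challenge for every login attempt.
type RelyingParty struct {
	Origin, RPID string
	Creds        map[string]*ecdsa.PublicKey
}

// NewChallenge returns 32 random bytes, base64url-encoded as WebAuthn does.
func (rp *RelyingParty) NewChallenge() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// Verify applies, in order, the checks that make the login phishing- and replay-resistant.
func (rp *RelyingParty) Verify(user, issuedChallenge string, as *Assertion) error {
	pub := rp.Creds[user]
	var cd clientData
	if err := json.Unmarshal(as.ClientDataJSON, &cd); err != nil {
		return err
	}
	switch {
	case pub == nil:
		return errors.New("unknown user")
	case cd.Type != "webauthn.get":
		return errors.New("wrong ceremony type")
	case cd.Challenge != issuedChallenge:
		return errors.New("challenge mismatch: stale or replayed assertion")
	case cd.Origin != rp.Origin:
		return errors.New("origin mismatch: assertion was signed on " + cd.Origin)
	case len(as.AuthData) < 32 || string(as.AuthData[:32]) != string(hash([]byte(rp.RPID))):
		return errors.New("rpIdHash mismatch")
	case !ecdsa.VerifyASN1(pub, signedDigest(as.AuthData, as.ClientDataJSON), as.Signature):
		return errors.New("bad signature")
	}
	return nil
}

func hash(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

func signedDigest(authData, clientDataJSON []byte) []byte {
	return hash(append(append([]byte{}, authData...), hash(clientDataJSON)...))
}

func main() {
	auth := &Authenticator{Keys: map[string]*ecdsa.PrivateKey{}}
	rp := &RelyingParty{Origin: "https://login.example", RPID: "login.example", Creds: map[string]*ecdsa.PublicKey{}}
	rp.Creds["alice"], _ = auth.Register(rp.RPID)
	ch := rp.NewChallenge()
	as, _ := auth.Sign(rp.RPID, rp.Origin, ch)
	fmt.Println("genuine login:", rp.Verify("alice", ch, as))
	_, err := auth.Sign("login-example.evil", "https://login-example.evil", ch)
	fmt.Println("look-alike site:", err)
}
```

Two things to notice: a look-alike page never gets a signature at all, because the authenticator has no key for its rpId, and even an assertion that somehow carried the wrong origin or an old challenge is rejected by the server-side checks, so there is no secret a user could be tricked into typing and no signature an attacker could replay.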
How FIDO can help you save money
Passwords are not just annoying, but expensive. Last year alone, the average cost of a data breach was $3.86 million. But aside from the obvious costs associated with breaches and the long-term damage they can do to a brand’s reputation, there are less obvious expenses associated with tech support for password-related problems.
On the customer-facing side, the use of passwords can mean costly losses of potential sales. It’s estimated that one-third of online purchases are abandoned at checkout because customers can’t remember their passwords (University of Oxford). If a user who has forgotten their password doesn’t decide to just stop using your site altogether (which many do), then come the issues associated with password-related support inquiries.
According to Gartner, up to 50% of inquiries (calls and emails) to IT help desks are password reset requests. Given that the average help desk labor cost for a password reset is $70 (Forrester), imagine the extent of resources that are being wasted on a problem that could be solved by implementing FIDO. Some large U.S. organizations allocate over $1 million for password-related support! Where else could half of your IT support budget be reallocated within your company—and what else could your tech support team be spending half of its time doing—if you took the steps to eliminate passwords at your company?
Popular options such as one-time passwords (OTPs), password managers, and smart cards aren’t cutting it. Whether they’re expensive, not secure, or time consuming to use, other options just do not measure up to FIDO. OTPs, for instance, are the least secure Multi-Factor Authentication (MFA) option available. Password managers are more convenient, but still not invulnerable: OneLogin was hacked in 2017, and Project Zero disclosed a security vulnerability in LastPass which put $16 million at risk (Tom’s Guide). Other options like smart cards, biometric readers, and EMV (CAP) readers can be even more expensive.
How FIDO can help you make money
We’ve walked through how passwords can cost you money, but what about the other side? FIDO can actually MAKE you money by:
- Lowering friction on online purchases
- Lowering cart abandonment
- Attracting security-minded customers who will gravitate to you (and tell their friends)
On top of all that, deploying FIDO is affordable. StrongKey is an open source data security company; you can download our FIDO Certified® FIDO2 server for free. StrongKey provides instructional resources online to help you get set up, and there is a community on GitHub to support you.
So, there you have it. You’re now armed with the tools you need to present a case on why FIDO makes sense for both security and business. Happy authenticating.
About StrongKey: StrongKey is a privately held company based in Silicon Valley, California and Durham, North Carolina. As a leader in enterprise key management infrastructure, StrongKey is bringing new levels of data security to the market at a price point significantly lower than other solutions. Providing products and services for strong authentication, data confidentiality, and data integrity, StrongKey is focused on securing data for sectors that mandate the protection of sensitive data. StrongKey’s solutions are installed at customer sites around the world and are key components of mission-critical business operations.
About The FIDO Alliance: The FIDO (Fast Identity Online) Alliance was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and to remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication by creating standards for simpler, strong authentication that define an open, scalable, interoperable set of mechanisms to reduce reliance on passwords.