Passwordless Authentication is the Greatest Thing Since Sliced Bread
It’s the greatest thing since sliced bread. It’s a phrase that’s so well worn that it feels like the phrase has been around forever. But it’s actually only been said for maybe seventy years. What’s more, sliced bread was the greatest thing since the toaster. And those two, the toaster and sliced bread, highlight an important rule of technological innovation.
The toaster came out during the electric age. The light, the radio, the motor and the generator all came about during the heady decades of the late 1800s and early 1900s. Houses were being wired for electricity when GE introduced the first electric toaster in 1909. But sliced and toasted bread was still a conundrum. There were two key problems that had to be solved first: bread came in all shapes and sizes; and only around 10 percent of American homes had electricity. The underlying standards and infrastructure weren’t ready for the greatest thing quite yet.
We can say the same thing about the decades before passwordless authentication was a reality. The equipment was ready. Biometrics had been around for some time. Back in 2008, I managed a data center with fingerprint authentication (I also regularly demonstrated the weakness of this security measure with a gummy bear, but that’s a story for another day). Facial recognition was commercially available in 2009 on Lenovo notebooks. Fingerprints and facial recognition hit phones in 2013 and 2017, respectively. So why are we still keying in passwords? In a word — standards.
Back to breakfast for a moment, the perfect sliced piece of bread would not be hot and toasted until bread standards became uniformed. To get there a few things had to happen. The first commercial bread loaf slicing machine was developed in 1928 followed by the debut of Wonder Bread in 1930. By then, over half of American homes had electricity. The breakfast revolution had come. By 1950, toasters were everywhere and everything new was the greatest thing since sliced bread.
FIDO2 and Web Authentication (WebAuthn) may be the standard we need to turn up the heat on passwordless. In March 2019, The World Wide Web Consortium (W3C) announced WebAuthn is now the official passwordless Web standard. Apple, Google, and Microsoft have already added WebAuthn support to their products. Much like homes with electricity, things will take off quickly once adoption reaches the halfway mark.
Recommended reading: Developments to WebAuthn and the FIDO2 Framework.
This is a rule of technological innovation: we need standards, infrastructure, and critical mass. The underlying components come into being early, and out of order. The toaster before sliced bread. The fingerprint reader before the WebAuthn protocol. It’s when all three ingredients come together that things get exciting. And we are just about there with passwordless authentication. Get excited.
BONUS: The Rowlett Regent introduced the first commercial toasters in 1945. Their toasters have been in production, with very little change, since 1945. Check out this video to see the classic toaster being assembled.
To help enterprises stay ahead, Duo helps reduce enterprise security risks associated with user and device access by providing seamless accessibility based on trust - known as our Zero Trust platform.
This document will highlight how you can leverage Duo’s Zero Trust platform to enable and secure your business for the future.
Free Guide