Passwordless Authentication in IoT Devices

Today, a lot of IoT devices come with default passwords and have poor security in place, which could make them vulnerable to cyberattacks.This issue can be solved by using passwordless authentication. It combinesbiometric authenticationsecond-factor authenticationmulti-factor authentication.Passwordless authentication involves the use of Authenticator at users’ local end, like a smartphone, USB Key, smart card, etc. Unlike common authentication methods, passwordless authentication does not transmit passwords via the internet but separates verification and identification.Currently, there are no IoT security standards for device authentication, which leaves devices vulnerable as they are released in the wild with default password credentials and manual onboarding options. With the increasing use of smart devices, there is an increasing problem in password verification in traditional IT systems, including account being hacked, unfriendly user experience, or hard-to-remember passwords. These password problems bring the need to introduce passwordless authentication.An industry group called FIDO (Fast Identity Online) Alliance is working on this secure, password-free access standard for IoT devices to help solve this password problem. The alliance has experts from Intel, Arm, Microsoft, Google, and Amazon working under two main groups, Identity Verification and Binding Working Group, and IoT Technical Working Group.These groups will define criteria for remote ID verification and develop a certification program for manufacturers to develop technical profiles to handle the authentication between IoT devices and service providers. Furthermore, they will define criteria for remote ID verification and develop a certification program for manufacturers.