FIDO or Fast ID Online is the next generation of password-less login credentials. When you have a FIDO2 key installed on your account, Microsoft 365 (and many other service companies) can use the key to log you into your account securely, without remembering a tedious and impossible-to-remember password.
Password rules usually sound something like “Your password must contain a minimum of an uppercase letter, a lowercase letter, a number, a special character, three dwarvin ruins, an elvish cryptoglyph, and …. ” you get the idea! Nevermind that a rainbow attack doesn’t care what the characters are the only relevant thing is how many characters there are, you can’t remember what you used anyway! So then you use the same password on 1,000 different web sites because remembering all those “secure” passwords is impossible and one of those web sites gets hacked, so now some creep has your password to all those web sites!
You could subscribe to a service such as LastPass.com, which my family does, and it works really well, but there is a far better way.
No passwords at all.
Anywhere. And totally unhackable even if I accidentally click a Trojan link in a spam email or fall for a phishing email that looks like it is from my bank and login. FIDO2 security keys cannot be hacked, um, at least as far as we know today. Nothing is unhackable with the right perspective.
So how do you get this FIDO2 Key? How do you use this FIDO2 key? I get mine from a company named YubiCo at https://www.yubico.com/. The FIDO2 key comes in different versions to plug into your computer’s USB slot, or to hold on your phone for NFC. Like Tap to pay. There are a zillion different styles to fit any taste, and cute little skins to paste on your key to make it pretty, or distinctive! The current prices (as of today, August 5, 2022) vary, from $25 to $50. They pretty much all do the same thing – when you login it the web site asks you to insert your security key and tap it with your finger, then sometimes it asks for the 4-digit PIN you chose to go with the key, sometimes it doesn’t ask, and boom! You’re logged in. No password. HA!
Annnnnddddd … it doesn’t matter if a bad guy gets you to do that on his Trojan look-alike ‘banking’ web site! The codes sent by the key are different every time, and can’t be used twice. It’s “unhackable” until some smart person figures out how. For now, it’s the best kind of security we can have: simple, easy, fast, and no difficult passwords to remember or have stolen.
If you want to know more
Much more information is available from YubiCo and the FIDO2 Alliance. If you are interested, please browse to their web sites and read the details.