A passwordless user authentication reduces risks associated with the use of vulnerable "shared secrets" like passwords and one-time passwords that can be phished or stolen. Deploying stronger passwordless authentication raises the bar for user privacy and security and improves the user experience by eliminating the inconvenience of having to remember passwords and laboriously typing them at every login. Recommendation ITU-T X.1277 describes Fast Identity Online (FIDO) Universal Authentication Framework (UAF) that describes secure authentication using cryptography and a simple user login experience with biometrics such as fingerprint or face ID.
The compendium of resources for developers compiled on this page by the Security Infrastructure and Trust Working group under the Financial Inclusion Global Initiative (FIGI) focuses on FIDO UAF to demonstrate the adoption of strong passwordless authentication for user login and transaction confirmation, especially for digital financial services. The FIDO developer resources below include step by step guidelines for Android and iOS developers. A demo application is available on the Google Play store (refer to the resources section below for further information). The ITU would like to thank Acceppto for contributing this work in the Security Infrastructure and Trust Working group under FIGI.
