Lenovo, Intel, Synaptics, PayPal Want to End Use of Passwords on PCs

The companies are partnering to bring FIDO-compliant fingerprint authentication to upcoming Lenovo laptops, starting with the Yogi 910 convertible PC.

PC security

Lenovo officials want to bring fingerprint authentication to its PCs, and is partnering with several other companies to get it done.

Lenovo officials on Sept. 23 announced the company is teaming up with Intel, Synaptics and PayPal to offer fingerprint authentication that is compliant with biometric authentication standards created by the FIDO (Fast Identity Online) Alliance. The move is the latest in an industry that for years has said the traditional password system for verifying a user's identity has been riddled with problems, from being a weak security measure to forcing users to remember huge numbers of different passwords for signing into their systems and onto websites.

Biometrics methods—such as fingerprints or facial or voice recognition—offer ways of securing systems, websites and online payments more easily while freeing users from having to type in an array of disparate passwords as they move across the internet.

Technologies enabling this transformation are becoming more mainstream, and each company in the partnership brings with it particular capabilities. For its part, the FIDO Alliance was launched in 2012 by Lenovo, PayPal and others to encourage the development of authentication methods that are easier and more secure than passwords. It now has more than 250 members, including many top-tier tech vendors like Google, Microsoft, Intel, ARM, Qualcomm, Samsung, Dell, Lenovo and eBay, and other organizations in such areas as financial services and telecommunications.

"The average user has to remember passwords for many different accounts, from PC log-in, email to online shopping," Johnson Jia, senior vice president of Lenovo's PC and Smart Device Business Group, said in a statement. "We wanted to help change that by freeing users from the burden of remembering complex passwords by providing a simple authentication solution."

Brett McDowell, executive director of the FIDO Alliance, said in a statement that "passwords are a universal problem that is not limited to mobile devices. Every internet-connected device needs the ability to upgrade to simpler, stronger FIDO authentication."

Lenovo officials did not say when systems with the new fingerprint authentication technology will hit the market, but Jia said Lenovo—the world's top PC vendor—will bring the new technology to its laptops beginning with the Yoga 910 convertible PC.

Key to strong authentication systems that don't require passwords is having the technology based on the hardware, according to Lenovo officials. In this case, it includes Intel's 7th Generation Core chips that include the processor maker's Software Guard Extensions (SGX) technology and Synaptics' Natural ID fingerprint sensor, which comes with enterprise-level security via TLS 1.2 encryption. The combination of the technologies not only can securely capture encrypted user credentials, but also store them in the hardware, making them less open to malware attacks.

The Natural ID Fingerprint Solution is secured by such SentryPoint features as TLS 1.2 encryption and anti-spoofing algorithms, and is technology PayPal uses to help make payments in the system more secure.

"Today's notebook and PC users want solutions that are safer and more convenient for online transactions," Godfrey Cheng, vice president of marketing at Synaptics' Human Interface Systems Division, said in a statement.

The desire to find authentication methods that don't require password comes amid continuing reports of breaches that expose personal information about users. Most recently, officials with online giant Yahoo announced yesterday that the company had just discovered a breach that occurred in 2014, with hackers stealing account information—such as names, telephone numbers, email addresses and encrypted passwords—from at least 500 million users. Yahoo officials said the attack was carried out by "state-sponsored" hackers, though they didn't say from what country.