From 2023, passwords will no longer be needed to authenticate on PCs, apps and sites: a smartphone will suffice.
On the occasion of “Password Day”, which falls every year on May 5th, Apple, Google and Microsoft have announced that they want to revive an old dream: the elimination of passwords themselves.
To this end, they announced the creation of an infrastructure to allow password-less login on smartphones (Android and iOS), computers (Windows and macOS) and browsers (Chrome, Edge and Safari), and which should start operating as early as next year.
For some time the three giants have been accusing passwords of being an intrinsically insecure authentication system and are pushing for alternatives that they believe are more suitable and easier to use.
The choice for an alternative authentication system fell on smartphones, based on the belief that anyone who needs to access a computer, app or online service now owns one.
Once the system is up and running, for example, to access a website instead of entering a password, the user will only have to unlock the phone with the chosen system: PIN, pattern, fingerprint and so on.
It will then be the smartphone, communicating a unique cryptographic key called passkeyto guarantee the user’s identity to the site in question, which will guarantee access.
“With passkeys on mobile devices, you can log into an app or service from almost any device, regardless of the platform that the device runs” explains Vasu Jakkal, of Microsoft. “For example, users will be able to log into the Google Chrome browser on a PC running Microsoft Windows using the passkey of an Apple device”.
“Just the same way we design our products to be intuitive and efficient” – then gloats Kurt Knight, Apple executive – “We also design them to be private and safe. The work of defining new and more secure methods for authentication that offer better protection and eliminate password vulnerabilities is central to our commitment to making products that offer maximum security and a transparent user experience, while keeping password safe. personal information of users “.
The idea behind the proposal is that the use of a physical device is simpler and less prone to errors than entering a password, and obviously it does not matter that, if the smartphone is unlocked with a PIN, in essentially a password is always there.
On the other hand – the promoters reason – having to have a device available to be able to log in prevents hackers from accessing, since a password can often be stolen or guessed quite easily, while stealing a smartphone is a bit more complicated. . Likewise, with the proposed system, bogus sites used to conduct phishing attacks in order to steal passwords from users would suddenly become useless.
From a technical point of view, the gimmick of Microsoft, Google and Apple is based on the FIDO standard, which is based on the principle of public key cryptography and is already supported by several applications, even if the “push” received by the support of the three giants will certainly make it a much more familiar name than it is now.
Compared to the current implementations of FIDO, moreover, the proposed system – relying on the smartphone unlocking system – has the advantage of eliminating the password from the last place where it is still useful: during the configuration of an access with FIDO, in fact, it is it is necessary to specify a password.
“Support extended to FIDO announced today” – says Google through Sampath Srinivas, who is also president of the FIDO Alliance – “It will enable websites to offer an experience that is completely password-free and phishing-resistant at the same time for the first time. When passkey support is available in 2022 and 2023, we will finally have an Internet platform that will open the doors to a real future without a password “.
We would love to give thanks to the author of this article for this amazing web content
Apple, Google and Microsoft unveil the system that will eliminate passwords
Explore our social media profiles as well as other pages related to themhttps://prress.com/related-pages/