May 9, 2022
- Google, Apple and Microsoft want to enable access to accounts, devices and websites without passwords.
- The three tech giants announced that they want to work together across platforms for this plan.
- The step into a password-free era should become reality as early as 2023.
“The new feature will allow websites and apps to offer consumers consistent, secure and easy passwordless sign-ins across devices and platforms.”
Apple Newsroom, Apple.com
Why is such a new feature needed?
According to apple.com, simple password authentication is “one of the biggest security problems on the web”. In its blog entry on the new function, Google adds that “due to increasing phishing attacks, weak passwords or passwords that are even used more than once, their use is also becoming increasingly insecure.”
The consequences would be “expensive account takeovers, data breaches and even stolen identities”. The new registration technology was created in a cross-industry collaboration and is intended to make registration “more convenient and secure” for us users.
How will passwordless registration work?
The new login procedure uses a so-called “standard public key cryptographic technique”. If we want to use it to log into a website or an app in the future, we just have to unlock our smartphone.
The newly developed, four-stage registration process then begins automatically in the background. In the course of this, according to a Google blog post on the new technology, our smartphone “stores a FIDO authorization, which is called a “passkey” (i.e. master key) and is used to unlock your online account.
This passkey makes logging in far more secure because it is based on a public key with cryptography and is only displayed in your online account when you unlock your phone.” In the future, we will only need our smartphones to log in via a PC.
Who is behind the new development?
According to Apple, “hundreds of technology companies and service providers from all over the world” have worked together to develop the passwordless login process – including the German Federal Office for Information Security.
They are organized in the non-commercial FIDO Alliance. FIDO stands for Fast IDentity Online. Founded in 2013, the Alliance and its partners are developing “open and license-free industry standards for global authentication on the Internet”.
When should we be able to access the function?
According to a statement from the FIDO Alliance, the new passwordless login is already “supported by billions of devices and all modern web browsers.” Apple, Google and Microsoft now want to install it on their platforms as well.
It is planned that the new functions will already be available in the course of the coming year. However, Google is dampening expectations and writing that “it will be some time before this technology is available on all devices and website and app developers can use it. Passwords will continue to be part of our lives during this transition.”
Who can use the new passwordless access feature?
The announcements by the three tech companies Google, Apple and Microsoft relate to the integration of the new technology on their own platforms and applications, e.g. Google Chrome and Android, iOS, MacOS and other Apple platforms as well as Windows. “The full transition to a passwordless world will begin with consumers making it a natural part of their lives.
Any viable solution must be more secure, simpler and faster than the passwords and outdated multi-factor authentication methods used today,” explains Alex Simons, Corporate Vice President of Microsoft, explaining how the introduction will continue. On its website, FIDO documents the companies that use the FIDO – Already use or support technology.
.
#Finally #passwords
