In commemoration of World Password Day, which was yesterday, May 5, Apple, Google, and Microsoft are launching a "joint effort" to crack down on the password.
The major operating system vendors want to "expand support for a common passwordless login standard created by the FIDO Alliance and the World Wide Web Consortium."
This standard is called a "multi-device FIDO credential" or simply a "passkey". Instead of a long string of characters, this new system expects the app or website you're signing in to to send an authentication request to a phone.
From there, you'll need to unlock the phone, authenticate with a PIN or biometric ID, then you can continue. The goal is to implement easy-to-manage, consistent cross-platform authentication for software and websites, without having to remember passwords.
In a joint effort, tech giants Apple, Google, and Microsoft announced yesterday morning that they are committed to implementing support for passwordless login across all mobile, desktop, and browser platforms they control in the coming year.
This means that passwordless authentication will be available on all major device platforms in the near future: Android and iOS mobile operating systems, Chrome, Edge, and Safari browsers, and Windows and macOS desktop environments.
“Just as we design our products to be intuitive and powerful, we also design them to be private and secure. Working with the industry to establish new, more secure login methods that provide better protection and eliminate password vulnerabilities is at the core of our commitment to building products that deliver maximum security and a seamless user experience, all in an effort to keep users' personal information secure,” said Kurt Knight, senior director of platform product marketing at Apple.
A passwordless login process will allow users to choose their phone as the primary authentication device for apps, websites, and other digital services, as Google detailed in a blog post published yesterday.
After that, unlocking the phone with its default action (entering a PIN code, drawing a pattern, or using a fingerprint) will be enough to sign in to web services without entering a password, thanks to a unique cryptographic token called a "passkey", shared between the phone and the website.
“This milestone is a testament to the collaborative work being done across the industry to strengthen protection and eliminate outdated password authentication. For Google, this milestone represents nearly a decade of working together with FIDO, as part of our continued innovation toward a future without passwords. We hope to make FIDO-based technology available on Chrome, ChromeOS, Android, and other platforms, and we encourage app and website developers to adopt it, so people everywhere can learn more,” says Mark Risher, Google's senior director of product management.
By making the connection dependent on a physical device, the idea is that users simultaneously benefit from simplicity and security. Without a password, you won't need to remember your login details for services or compromise security by reusing the same password in multiple places.
Similarly, with a passwordless system, it will be much more difficult for hackers to compromise remote login data, since the login requires access to a physical device; and, in theory, phishing attacks in which users are directed to a fake website to capture the password will be much more difficult to organize.
Although many popular apps already support FIDO authentication, the initial login required the use of a password before FIDO could be set up: meaning users were still vulnerable to phishing attacks where passwords were intercepted or stolen. But the new procedures will eliminate the initial requirement for a password, said Sampath Srinivas, director of product management for secure authentication at Google and president of the FIDO Alliance.
Companies have been trying to ditch passwords for years, but getting there hasn't been easy. Passwords work fine if they are long, random, secret, and unique, but the human element of passwords is still a problem.