In a joint press release, Apple, Google and Microsoft announced that they are extending passwordless authentication options to all their platforms.
These joint efforts represent another important step in eliminating the password from our lives, which today continues to be a significant security risk.
The password, the Achilles heel of the web
On the occasion of Password Day 2022, Apple, Google and Microsoft announced that they will continue their efforts for a world without passwords. Password flaws have been known for a long time: they are often too weak, reused on several sites and they can be compromised if the user is a victim of phishing. If several solutions have been put in place to try to compensate for these weaknesses, such as double authentication or password managers, none really did without the secret code. But now, industry giants want to completely remove passwords from the authentication scheme.
For this, they will base themselves on the standards of the FIDO alliance, which allow you to connect to applications or websites using one of your devices, often a smartphone. If these standards are already supported by several popular applications, it was still necessary to connect at least once with the help of a password before being able to activate the connection functionality passwordless. And often, it was always proposed to connect with its classic identifiers or to use them to be able to recover access to its account. A way of doing things that always allowed the exploitation of password weaknesses, and which will soon be a thing of the past.
A future without a password?
This announcement means that all major platforms will support passwordless authentication in the future: iOS, Android, Google Chrome, Safari, Edge, not to mention the Windows and macOS operating systems. Users will be able to choose to use their phone as the primary authentication system for the sites and apps they use. To connect, and even register, all they have to do is unlock their smartphone with the action they have chosen. Their phone will contain a pass key, which will allow the website or app to authenticate it as soon as the device is unlocked. A way to connect based on public key cryptography and more secure since it does without traditional identifiers.
Announcing the extension of FIDO standards support to all major platforms means that developers will no longer need to offer alternative ways to log in and can simply set up authentication passwordless at any time, both for the creation of an account and for future connections. Also, for the feature to work, it will not be necessary to be faithful to a platform.
Vasu Jakkal, Vice President at Microsoft, told The Verge that it will for example be possible to ” log in to a Google Chrome browser running on Windows using a passkey on an Apple device “. As indicated by Google, do not panic if you lose your phone: the passkeys can be synced to your new phone using cloud backups.
These enhancements to the rank of passwordless authentication capabilities are planned to be implemented on all major platforms in 2023.
On the same subject :
And the most popular password in France is…
Sources: The Verge, Google, FIDO Alliance
10