Adopting a new authentication method from the FIDO Alliance, the three major operating system vendors will allow you to use encrypted credentials stored on your phone to automatically log in to your online accounts.
A future without passwords may be closer than we think, at least once a new initiative to enlist your smartphone as a mobile authenticator kicks off.
On Thursday, the FIDO Alliance announced a new type of authentication that would use passkeys stored on your phone to unlock your online accounts without the need for a password. Google, Apple and Microsoft all agree with the new method and have promised that their respective operating systems will support the technology.
Passwords have always been a bad way to secure our accounts. We are constantly told to create a strong, complex and unique password for each account. But it’s a difficult task, leading many people to use weak and repetitive passwords, which can easily be compromised and used in data breaches and account takeovers. Tools such as password managers have brought some relief but still shackle us to this clunky and ineffective means of authentication.
With support from Google, Apple and Microsoft, the new authentication method will store a FIDO-based passkey on your mobile phone. This key will be encrypted to protect it from compromise and will only be accessible when you unlock your phone. When you try to log in to any application or website on the phone itself, a nearby computer or another device, this passkey will automatically log you in regardless of the operating system or browser and without your needing to enroll or re-enroll your device. If you change phones, your passkey will travel with you.
To authorize use of the passkey, you will use the same methods that you normally use to unlock your smartphone, such as a PIN code, fingerprint scan or facial recognition. The new approach will protect against phishing attacks and be more secure than passwords and multi-factor authentication methods, the FIDO Alliance said.
“To log into a website on your computer, you’ll just need your phone nearby, and you’ll just be prompted to unlock it to access it,” Google explained. “Once you’ve done this, you won’t need your phone anymore and you can sign in by simply unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, letting you pick up where your old device left off.”
Google said it will implement this new passwordless technology in Android and Chrome. Apple will support it in iOS, macOS and Safari. Microsoft will do the same for Windows and its Edge browser.
This leaves app and website developers with the task of implementing the technology to enable passwordless logins, a process that will require the use of APIs offered by operating systems and browsers.
While no specific timeline was revealed, Google said passkey support would be available industry-wide in 2022 and 2023, while the FIDO Alliance said the new features are expected to be available from Apple, Google and Microsoft over the coming year.
“The full shift to a passwordless world will start with consumers making it a natural part of their lives,” said Alex Simons, vice president of product management at Microsoft. “Any viable solution must be safer, simpler and faster than passwords and the old multi-factor authentication methods used today. By working together as a community across all platforms, we can finally realize this vision and make meaningful progress towards eliminating passwords. We see a bright future for FIDO-based credentials in consumer and enterprise scenarios.”