Since we tend to use easy-to-remember combinations, or reuse the same password everywhere, passwords are a real threat to our data security. To overcome this, solutions already exist, such as password managers or two-factor authentication.
But the FIDO alliance, which brings together a good number of web players, is also working on a new method of authentication on websites and mobile applications that no longer requires a password at all. And the good news is that this project is supported by Apple, Google and Microsoft who, in a press release, announce that they will support this technology.
“Expanded standards-based capabilities will give websites and applications the ability to offer an end-to-end passwordless option”we read on the press release of the three companies. “Users will log in with the same action they take multiple times a day to unlock their devices, such as a simple fingerprint or face verification, or device PIN. »
According to the FIDO alliance site, this passwordless authentication relies on cryptography and uses “passkeys” instead. “When signing up for an online service, the user’s client device creates a new key pair. It keeps the private key and registers the public key with the online service”indicates this one.
“Authentication is performed by the client device proving possession of the private key to the service by signing a challenge. Customer private keys can only be used after being unlocked locally on the device by the user. Local unlocking is accomplished by a user-friendly and secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second factor device, or pressing a button”also explains the alliance.
In other words, instead of entering a password to log in to a site or an app, most users will therefore only have to unlock their devices.
Apple, Google and Microsoft plan to make this technology available on their platforms in the coming year. Of course, the online services and apps we use will also need to support this new authentication method.