In a joint effort, tech giants Apple, Google, and Microsoft announced last weekend that they have pledged to build support for passwordless access across all mobile, desktop and browser platforms they control over the next year.
This announcement coincided with World Password Day on May 5th.
This means authenticating or logging into accounts on Android and iOS mobile devices; Chrome, Edge and Safari browser; Windows and macOS desktop environments.
“Just as we design our products in so they’re intuitive and have access, we also design them to be private and secure, “said Kurt Knight, Senior Director of Apple’s Product Marketing Platform.
“Working with the industry to create new, more secure login methods that provide better protection and eliminate password vulnerabilities, which is critical to our commitment to creating products that provide maximum security and a transparent user experience, all with the aim of keeping personal information safe for users. “
The passwordless sign-in process will allow users to choose their phone as the primary authentication device for apps, websites and other digital services, Google explained. in a post on the blog published on Thursday.
Unlocking the phone with everything set as default – by entering a PIN, drawing a pattern or using fingerprint unlock – will be enough to access the services web without having to enter a password at all, which is made possible by using a token unique. it is called a passkey shared between the phone and the website.
By making conditional logins on a physical device, the idea is that users will benefit from simplicity and security at the same time.
Without a password, there is no obligation to remember your login details through the Services or to jeopardize your security by reusing the same password. in more places. Likewise, a passwordless system would make it difficult for hackers to hack in remote login details because access requires access to a physical device; In theory, phishing attacks in where users are directed to a fake website to acquire passwords would be much more difficult.
Cross-platform functionality is made possible by one standard called FIDO, which uses public key cryptography principles to enable passwordless authentication and multi-factor authentication in a wide range of contexts.
The user’s phone can store a unique FIDO-compliant passkey and will only share it with an authentication website when the phone is unlocked. According to post by Google, passkeys can also be easily synced to a new device from a cloud backup in case of loss of the phone.
Although many popular applications already included support for FIDO authentication, initial sign-in required the use of a password before FIDO could be configured, meaning users were still vulnerable to phishing attacks that saw passwords being intercepted. or steal along the way.
But the new measures will do away with the initial password requirements, he told The Verge, who was seen by Al Arabiya.netSampath Srinivas, director of product management for Google’s secure authentication and head of the FIDO Alliance.
So far, Apple, Google and Microsoft have said they expect the new sign-in features to become available on all platforms next year, although a more specific roadmap has not been announced.
Read More About: Technology News