On the occasion of World Password Day, the trio of Apple, Google and Microsoft just made a big announcement in the field of computer security. Over the next year, they will support the Fido open standard within their respective operating systems and browsers: iOS, macOS, Safari, Chrome, Android, Edge, Windows, etc.
This passwordless sign-in process lets users authenticate with their smartphone on all compatible applications. You no longer need to create or enter a password at any time. A first.
How does it work?
To enroll, you start by choosing an authentication method on your smartphone. It can be based on a biometric process such as facial recognition or a fingerprint, a PIN, or even drawing a pattern. The Fido authenticator is unlocked when you use this method on your smartphone. A cryptographic key pair is then created. The first key, private, is kept by the device. The second, called public, is stored by the service and associated with your account.
After that, every time you connect, a message signed with the private key is sent to the service, which validates it with the public key it holds, giving you access to the application.
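The enrollment and login steps above, as an added Go sketch that is not code from the article or from the Fido specifications. It goes slightly beyond the text by having the signed message cover a one-time challenge and the service's origin, which is what makes a captured or phished signature useless elsewhere. Assumptions: Ed25519 as the signature scheme, the hypothetical `Service` type and `payload` layout, and constructed example origins.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Service is the online side for one account; it only ever sees the public key.
type Service struct {
	Origin    string
	Pub       ed25519.PublicKey // received from the phone at enrollment
	challenge []byte            // one-time value the next login must sign
}

// payload is this sketch's message layout (an assumption, not the Fido wire format).
func payload(origin string, challenge []byte) []byte {
	return append([]byte(origin+"\x00"), challenge...)
}

// NewChallenge issues a fresh random value for the next login.
func (s *Service) NewChallenge() []byte {
	s.challenge = make([]byte, 32)
	if _, err := rand.Read(s.challenge); err != nil {
		panic(err)
	}
	return s.challenge
}

// Verify consumes the challenge (a replay finds none) and checks the signature
// against the service's own origin and the stored public key.
func (s *Service) Verify(sig []byte) bool {
	c := s.challenge
	s.challenge = nil
	return c != nil && len(s.Pub) == ed25519.PublicKeySize &&
		ed25519.Verify(s.Pub, payload(s.Origin, c), sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // on the phone: enrollment
	if err != nil {
		panic(err)
	}
	s := &Service{Origin: "https://service.example", Pub: pub} // constructed origin
	sig := ed25519.Sign(priv, payload(s.Origin, s.NewChallenge())) // on the phone: login
	fmt.Println("login:", s.Verify(sig), "replay:", s.Verify(sig))
	sig = ed25519.Sign(priv, payload("https://service-login.example", s.NewChallenge()))
	fmt.Println("signed for a look-alike origin:", s.Verify(sig))
}
```

The private key is only ever used on the device side of `main`; the service can verify logins but holds nothing that would let anyone sign one.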
If the Fido standard has not been more widely adopted since its first release in 2014, it is because some obstacles still made the user journey too complex. A password had to be created to register. Another limitation: the procedure had to be repeated on each new device.
What's new is that Fido authentication can be accessed regardless of the operating system or browser. It will also be possible to enroll a new device via Bluetooth with another nearby device that already has the credentials.
This makes it possible to easily switch from, for example, an iPhone to an Android device. “Users can log in to a Google Chrome browser running on Microsoft Windows, with a password on an Apple device,” Vasu Jakkal, Microsoft vice president for security, compliance, identity and privacy, summarized for The Verge.
For the tech giants, adopting Fido would bring only benefits. In addition to the simplicity, it is also a more secure way to authenticate. It prevents some users from using the same password for all their services, or combinations that are too weak. Finally, Fido makes it possible to fight phishing and avoid having to resort to SMS authentication, which can be hijacked.