Passwords on the Internet: soon the end of the ordeal? – 06/05/2022 at 08:51

A common authentication system called FIDO could be rolled out within a year, industry giants say.

(illustration) (AFP / KIRILL KUDRYAVTSEV)


“Forgot your password?” Thanks to the “FIDO” system, the hassle of remembering unique codes would be a thing of the past within a year.

Google, Apple and Microsoft announced an agreement on Thursday, May 5 to build this protocol, which allows you to authenticate on the Internet without having to remember a string of characters.

Smartphones at the heart of the game

“With the new feature, consumers can easily authenticate without a password and securely on websites and mobile applications, regardless of device or operating system,” summarized the FIDO Alliance (Fast Identity Online Alliance) in a press release.

Since 2012, it has brought industry players together to work on common authentication systems.

The goal, Google explains, is for users to connect to an online service by simply unlocking their smartphone (via their usual method: fingerprint, facial recognition, multi-digit code, etc.).

In concrete terms, a website can ask the internet user if he wants to “authenticate himself with his FIDO identifiers”. This message appears simultaneously on his phone, where the user only has to accept, by unlocking his screen, to connect to the site. Smartphones store this coded identification data, the so-called “passkey”.

The three tech giants have committed to deploying this new system within 12 months on Android and iOS (the Google and Apple mobile operating systems), Chrome, Edge and Safari (the Google, Microsoft and Apple browsers), as well as Windows and macOS (the Microsoft and Apple operating systems for computers).

From “azerty” to “doudou”, exposed codes

“Password-only authentication is one of the top security vulnerabilities on the web,” Apple notes in its statement. Because they cannot manage so many different passwords, individuals often use the same password, facilitating account takeovers, data breaches, and identity theft.

According to a study by specialist mobile security company Lookout, millions of users prefer widespread and insecure passwords, which are likely to be the target of hacks.

The five most commonly used passwords in the world are: 123456, 123456789, qwerty, password and 12345.

In France, the two most common combinations remain 123456 and azerty.

According to an ExpressVPN investigation reported by PresseCitron, another insecure password has recently emerged: doudou.

“The new approach will protect against phishing, and logging into a service will be radically more secure than passwords and other technologies such as one-time codes sent via SMS,” adds the iPhone maker.

The three US companies made their announcement on the occasion of World Password Day. Alex Simons, vice president of Microsoft, spoke in the FIDO Alliance press release about a “complete transition to a passwordless world” where “consumers would make a habit of going without passwords on a daily basis.”