By adopting a new authentication method from the FIDO Alliance, all three major operating system vendors will allow you to use encrypted credentials stored on your phone to automatically log in to your online accounts.
A future without passwords may be closer than we think, at least once a new initiative to use your smartphone as a mobile authenticator takes off.
On Thursday, the FIDO Alliance announced a new type of authentication that would use keys stored on your phone to unlock your online accounts without requiring a password. Google, Apple and Microsoft have agreed to the new method and have promised that their respective operating systems will support this technology.
Passwords have always been a bad way to protect our accounts. We are constantly being told to create a strong, complex and unique password for each account. But that is a difficult task, leading many people to use weak and repetitive passwords, which can be easily compromised and used in data breaches and account takeovers. Tools like password managers have provided some relief, but they still chain us to this clumsy and ineffective means of authentication.
Supported by Google, Apple, and Microsoft, the new authentication method will store a FIDO-based passkey on your mobile phone. That key will be encrypted to protect it from compromise and will only be accessible when you unlock your phone. When you try to sign in to an app or website, whether on your phone, a nearby computer, or another device, that passkey will automatically sign you in regardless of operating system or browser, and without you having to enroll or re-enroll your account. If you switch to a new phone, your passkey will travel with you.
To allow the passkey to be transmitted, you’ll use the same methods you normally use to unlock your smartphone, such as a PIN, fingerprint scan, or facial recognition. The new approach will protect against phishing attacks and be more secure than passwords and multi-factor authentication methods, the FIDO Alliance said.
“To sign in to a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it to access it,” Google explained. “Once you’ve done this, you won’t need your phone again and can log in simply by unlocking your computer. Even if you lose your phone, your passkeys will be securely synced to your new phone from the cloud backup, allowing you to pick up right where your old device left off.”
Google said it will implement this new passwordless technology in Android and Chrome. Apple will support it on iOS, macOS, and Safari. Microsoft will do the same with Windows and its Edge browser.
This gives application and website developers the task of implementing the technology to enable passwordless logins, a process that will require the use of APIs offered by operating systems and browsers.
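The server side of that developer task, as an added example that is not from the article or from FIDO, Google, Apple or Microsoft: the checks a website runs in Node.js on a passkey (WebAuthn) assertion, showing why a sign-in produced on a look-alike origin is rejected. The domain names, the challenge values and the `simulateAssertion` stand-in for the phone and browser are constructed for illustration.

```javascript
// Added example: relying-party checks on a passkey (WebAuthn) assertion.
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();

// Constructed relying-party values (placeholders, not from the article).
const RP_ID = 'shop.example';
const RP_ORIGIN = 'https://shop.example';

// Hypothetical stand-in for the phone and browser. In WebAuthn the browser,
// not the page requesting the sign-in, writes `origin` into clientDataJSON.
function simulateAssertion(privateKey, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin,
  }));
  // authenticatorData = rpIdHash (32) | flags (1: UP|UV) | signCount (4)
  const authenticatorData = Buffer.concat([sha256(RP_ID), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: sign('sha256', signed, privateKey) };
}

// Server side: returns 'ok' or the name of the first failed check.
function verifyAssertion(assertion, expectedChallenge, publicKey) {
  const { clientDataJSON, authenticatorData, signature } = assertion;
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== RP_ORIGIN) return 'bad-origin';
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad-rp-id';
  if ((authenticatorData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const other = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = Buffer.from('constructed-challenge-0001');
  const genuine = simulateAssertion(privateKey, challenge, RP_ORIGIN);
  const lookalike = simulateAssertion(privateKey, challenge, 'https://shop-example.test');
  return {
    genuine: verifyAssertion(genuine, challenge, publicKey),
    lookalike: verifyAssertion(lookalike, challenge, publicKey),
    replayed: verifyAssertion(genuine, Buffer.from('constructed-challenge-0002'), publicKey),
    wrongKey: verifyAssertion(genuine, challenge, other.publicKey),
  };
}
console.log(demo());
```

Because the origin and the server's one-time challenge are both covered by the signature, a valid response cannot be reused against a different site or a later login attempt.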
Although no specific deadlines or timelines were disclosed, Google said passkey support will be available industry-wide in 2022 and 2023, while the FIDO Alliance said new capabilities are expected to be available from Apple, Google and Microsoft during the next year.
“The complete shift to a password-less world will begin when consumers make it a natural part of their lives,” said Alex Simons, corporate vice president of product management at Microsoft. “Any viable solution must be more secure, easier and faster than passwords and legacy multi-factor authentication methods in use today. By working together as a community across platforms, we can finally achieve this vision and make significant progress toward eliminating passwords. We see a bright future for FIDO-based credentials in both consumer and enterprise scenarios.”